[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: SOAP security extension specs
|
[Per our discussion last week] SOAP-SEC is still in early stage. There is a draft
proposed by IBM and Microsoft (http://www.w3.org/TR/SOAP-dsig/).
The overview what was submitted can be found here http://www.w3.org/Submission/2001/01/Comment. And, this is another proposal about SOAP Security; http://www.trl.ibm.com/projects/xml/soap/wp/wp.html I think DSMLv2 should prescribe that DSML’s next lower
layer should be responsible for authentication process. Principally, I think this
is what we’ve agreed so far. Examples: 1)
If SOAP is used as a binding, then
SOAP will be responsible for authentication, regardless of how SOAP is
transported (HTTP, SMTP, etc). 2)
In a hypothetical case: let’s
say we support DSML over HTTP; then HTTP should be the one. HTTP can use Basic
Auth, Digest,etc. 3)
In the case of File Binding, the authentication,
normally, has taken place at OS level. Thanks. --andy |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC