[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] SSTC FOCUS call, March 22
I have attempted to reflect comments from RL Bob, Tony, and Jeff as follows Note: these sections are copied from their respective places within the doc Securing Web Services SAML assertions can be used within SOAP messages in order to convey security and identity information between actors in web service interactions. The SAML Token Profile of the OASIS Web Services Security (WSS) TC specifies how SAML assertions should be used for this purpose. The* *Liberty Alliance's Identity Web Service Framework* *(ID-WSF) also uses SAML assertions as the base security token for enabling secure and privacy-respecting access to web services. WS-Trust, one component of the WS-* framework initiative, proposes protocols for the exchange and validation of security tokens used as described within WSS. A SAML assertion is one such supported security token format. Shibboleth The Shibboleth Project is an initiative of the Internet2 consortium to develop technical and policy frameworks and an open-source software system for controlling access to online resources- targeted to the needs of higher education, research, and their partners. Like Liberty, the Shibboleth System profiles SAML for its particular requirements and, also like Liberty, has built privacy management into its architecture. Input from the Shibboleth Project's use of SAML 1.x has been fed back into SAML V2.0. WS-* WS-* is the unofficial name for refering to an inititiative proposing a broad set of specifications for different aspects of Web Services, including security. The security aspects of WS-* are based on the concept of using security tokens as described in the OASIS WSS TC – the SAML Token Profile of whicih specifies the usage of SAML assertions as such a security token. prateek mishra wrote the following on 22/03/2005 09:13: > Dial in info: +1 865 673 6950 #351-8396 > > I. Status and next steps with SAML 2.0 supporting docs > > _1. > http://www.oasis-open.org/apps/org/workgroup/security/download.php/11786/sstc-saml-exec-overview-2.0-draft-06.sxw_ > > _Recent comments: > a. > http://lists.oasis-open.org/archives/security-services/200503/msg00056.html_ > > __ > > _ > b. > http://lists.oasis-open.org/archives/security-services/200503/msg00060.html_ > > _2. > http://www.oasis-open.org/apps/org/workgroup/security/download.php/11511/sstc-saml-tech-overview-2.0-draft-03.pdf_ > > _II. Any other business?_ > > _ _ > >------------------------------------------------------------------------ > >No virus found in this incoming message. >Checked by AVG Anti-Virus. >Version: 7.0.308 / Virus Database: 266.8.0 - Release Date: 21/03/2005 > > -- Paul Madsen e:paulmadsen@ntt-at.com NTT p:613-482-0432 Co-Chair, Technology Expert Group m:613-302-1428 Liberty Alliance Project aim:PaulMdsn5
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]