Hi Tony,
I agree the suggested schedule is aggressive, but as
indicated at end of original email, and on the call, it
is flexible because the objective is to get participation.
I take it from your reply that possibly an October date
with a 2-3 week testing window would be possible for
IBM to participate (see note below - I had not rcvd
your message until after the discussion on the call).
If that is the case, as I mentioned on the call I will plan
a conf call for the end of next week and we can discuss
further details and hopefully additional prospective
participants will join as well. (I will plan to send a
notice of the conf call by end of this week.)
Thanks,
Rich
(Note of curiosity on OASIS email behavior: Your email just showed
up in my mailbox (~10:13 EDT 20-Aug-08)
even though it apparently was sent at 10:54PM EDT last night (19-Aug-08)
(which is what my copies say) - maybe the OASIS mail distr
was jammed - since the OASIS time says 20 Aug 2008 14:13:45 -0000.
The only reason I mention it is that during the call a few minutes ago
I rcvd momentary pop up notices that this email had just arrived but
didn't
see it in my mailbox until I scrolled back to last night! But the main
point
is that when I was talking during the call I hadn't received the email
yet, so it might have seemed strange that I didn't mention receiving
it when it appears it was actually sent last night but not delivered
until the middle of today's call. Just "for the record". - rich)
Anthony Nadalin wrote:
OF051D300C.E03139B3-ON862574AB.000FE2A3-862574AB.000FFD30@us.ibm.com"
type="cite">
-------- Original Message --------
Rich, that week is way to early, will need more notice to prepare and the
time length is too short, will need at least 2-3 weeks if done virtual
Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
From: "Rich.Levinson" <rich.levinson@oracle.com>
To: "ws-sx@lists.oasis-open.org" <ws-sx@lists.oasis-open.org>
Date: 08/19/2008 08:44 PM
Subject: [ws-sx] Proposed Interop for ws-sx examples document.
To: WS-SX TC members:
Based on action item from the 7/23 ws-sx minutes:
http://lists.oasis-open.org/archives/ws-sx/200807/msg00035.html
We are planning (proposing) to have a virtual interop during the week
of Sep 22-26 for the ws-sx examples document.
http://www.oasis-open.org/committees/document.php?document_id=28909&wg_abbrev=ws-sx
Below is a tidied up copy of the full table of contents. From that list the
following have been selected as the initial candidates for this Interop.
These
are subject to revision at the agreement of the participating parties. It
is
expected that if this first Interop goes well then there will be subsequent
Interops to test additional scenarios. (Possibly this effort can lead to an
eventual participation in a generally available Interop test network with
a focus on security.)
The intent is to pick scenarios that vendors support and are interested in
promoting for customer use. We will also consider adding new scenarios not
included in the doc if there is significant interest in that. Similarly,
the existing
examples can be molded to meet current practice if discrepancies are found.
The "flavor" of these scenarios is primarily straight WS-Security with
WS-SP policies
applied. However, there is one scenario that includes WS-Trust (2.3.2.5
(the ws-sx
interop scenario) and one with WS-SecureConversation (2.4.1).
2.1.1.3 UsernameToken with timestamp, nonce and password hash
15
2.1.3.1 (WSS 1.0) Encrypted UsernameToken with X.509v3 23
2.1.4 (WSS 1.1), User Name with Certificates, Sign, Encrypt
27
2.2.2.1 (WSS1.0) Mutual Auth, X.509 Certs, Symmetric Encrypt
38
2.2.4 (WSS1.1) Mutual Auth with X.509 Cert, Sign, Encrypt 46
2.3.2.4 (WSS1.1) SAML1.1/2.0 SV w X.509 Cert, Sign, Encr 83
2.3.2.5 (WSS1.1) SAML1.1/2.0 HK, Sign, Encrypt (Needs STS)
89
2.4.1 (WSS 1.0) Sec Conv bootstrap by Mut Auth w X.509 Certs
114
The selections were loosely based on the level of interest shown
during the TC by various contributors. They also represent a good
cross-section of the capabilities and include some of the more
difficult examples. As indicated above, it is intended that the
participants agree on the scenarios selected, so the initial task
will be to agree on the objectives. If at least 2 participants are
willing to do an example then it should be included.
Please send an email to me directly to indicate interest and copy
anyone else in the TC (or the whole TC) if you want others to know
of your initial interest (i.e. willing to listen to tentative
conditional interest levels as well, since the initial purpose
of this email is to gauge the interest to try to establish critical
mass - date will be flexible if there is interest in a "better" date).
Suggestions are welcome.
Thanks,
Rich
2 Scenarios
13
2.1 UsernameToken
13
2.1.1 UsernameToken – no security binding
13
2.1.1.1 UsernameToken with plain text password
13
2.1.1.2 UsernameToken without password
14
2.1.1.3 UsernameToken with timestamp, nonce and password hash
15
2.1.2 Use of SSL Transport Binding
16
2.1.2.1 UsernameToken as supporting token
17
2.1.3 (WSS 1.0) UsernameTok w Mut X.509v3 Auth, Sign, Encrypt
19
2.1.3.1 (WSS 1.0) Encrypted UsernameToken with X.509v3 23
2.1.4 (WSS 1.1), User Name with Certificates, Sign, Encrypt
27
2.2 X.509 Token Authentication Scenario Assertions
31
2.2.1 (WSS1.0) X.509 Certificates, Sign, Encrypt
31
2.2.2 (WSS1.0) Mutual Auth with X.509 Certs, Sign, Encrypt
34
2.2.2.1 (WSS1.0) Mutual Auth, X.509 Certs, Symmetric Encrypt
38
2.2.3 (WSS1.1) Anonymous with X.509 Cert, Sign, Encrypt 42
2.2.4 (WSS1.1) Mutual Auth with X.509 Cert, Sign, Encrypt 46
2.3 SAML Token Authentication Scenario Assertions
52
2.3.1 WSS 1.0 SAML Token Scenarios
54
2.3.1.1 (WSS1.0) SAML1.1 Assertion (Bearer)
54
2.3.1.2 (WSS1.0) SAML1.1 Assertion (Sender Vouches (SV)) on SSL 56
2.3.1.3 (WSS1.0) SAML1.1 Assertion (Holder of key (HK)) on SSL 59
2.3.1.4 (WSS1.0) SAML1.1 (SV) w X.509 Cert, Sign, Option Encr
60
2.3.1.5 (WSS1.0) SAML1.1 Holder of Key, Sign, Optional Encrypt 66
2.3.2 WSS 1.1 SAML Token Scenarios
72
2.3.2.1 (WSS1.1) SAML 2.0 Bearer
72
2.3.2.2 (WSS1.1) SAML2.0 Sender Vouches over SSL
76
2.3.2.3 (WSS1.1) SAML2.0 HoK over SSL
78
2.3.2.4 (WSS1.1) SAML1.1/2.0 SV w X.509 Cert, Sign, Encr 83
2.3.2.5 (WSS1.1) SAML1.1/2.0 HK, Sign, Encrypt
89
2.4 Secure Conversation Scenarios
114
2.4.1 (WSS 1.0) Sec Conv bootstrap by Mut Auth w X.509 Certs
114
|