[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [wsrp][security] High-level scenario
A couple of quick observations: The text seems to imply an independent re-authentication of the user within the WSRP service infrastructure after the portal has authenticated the user. This is something that we will want to avoid if possible. For example, the WSRP service made have a trust relationship defined with respect to the client asserting forward it's identity. It's not clear to me that the portal should necessarily send the users identity and the portal identity. Does this case simply imply that we need to support this but not mandate it? It's easy to imagine use cases where where a business relationship between the portal provider and the WSRP service provider is based on the two business entities independent of the client identity; in such cases, it's possible that the client, for privacy reasons, does not want to identified or tracked, or that the business hosting the portal does not want individual users tracked. Is this one of many scenarios that we'll be looking at? Greg -----Original Message----- From: Cassidy, Mark [mailto:mcassidy@Netegrity.com] Sent: Tuesday, April 02, 2002 3:42 PM To: 'wsrp@lists.oasis-open.org' Subject: [wsrp][security] High-level scenario Please see the attached high-level scenario outlining security considerations. This is intended to be a seed for discussion in tomorrow's telecon; additional scenarios need to be identifed and then fleshed out with more details. As was mentioned in today's joint wsia/wsrp interfaces call, we should be looking at other standards efforts in the security space(SAML, etc) and how they can address the needs we define in the WSRP context. Ideally we could leverage those efforts and not need to invent anything that is specific to WSRP. Comments? <<WSRP Security Scenario.doc>>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC