Subject: Re: [wsrp] RE: [wsia] [wsia-wsrp] 8/27/2002: Upcoming WS-Security OASIS TC Meeting
Yes and yes, I agree with Mark. I've also found out what Mark mentions in his last sentence, that WS-Security does not have the notion of identity mapping in its current draft. In a previous conf call we've said that we would be removing userID from the protocol because WS-Security would provide that mapping. As it turned out, things are different; we may need to rediscuss this.

Alejandro

Cassidy, Mark wrote:

> Roles and user identity are really distinct concepts. Roles provide a way
> of grouping principals (users/groups) with similar attributes into a class
> that can be used for defining access control policies. A given user's
> identity does not need to be known to a particular application for
> role-based access control to be used by that application.
>
> User identity mapping is useful for distributed systems that don't share a
> common identifier for a user. A common WSRP use case is one where a
> Producer provisions user accounts in some back end application for each
> end-user. These user accounts may not be based on the identity the user
> authenticates with at the Consumer. In this case, a mapping is needed
> between the Consumer's authenticated identity and the back end application's
> identity for the user.
>
> WS-Security had no notion of identity mapping, at least in the original spec
> draft. I haven't looked at the recent addendum.
>
> -----Original Message-----
> From: Carsten Leue [mailto:CLEUE@de.ibm.com]
> Sent: Wednesday, August 28, 2002 12:36 AM
> To: Monica Martin
> Cc: Monica Martin; wsia@lists.oasis-open.org; wsrp@lists.oasis-open.org
> Subject: Re: [wsia] [wsia-wsrp] 8/27/2002: Upcoming WS-Security OASIS TC
> Meeting
>
> Hi Monica.
>
> Great that you are attending the meeting, that will give us the opportunity
> to fix some outstanding questions. My current questions/concerns are:
>
> - will our role concept become obsolete in the near future? Will there be
> WS standards that handle role transfer/mapping directly inside the SOAP
> stack?
> - is what we define a "role" really a role from a security standpoint or
> rather a delegated user identity? Maybe the correct approach would be to
> let WS security send a couple of user identities rather than inventing our
> own role concept. Is this possible in WS-Security? Would it be the correct
> approach?
> - does WS-Security define user identity mapping? If not how is the transfer
> of user identity supposed to work? Will there be an upcoming standard? Is
> the user identity programmatically accessible? When will that be
> incorporated in standard SOAP stacks (AXIS, .NET)?
>
> - the basic question is: should we define security directly in our protocol
> at all or will WS-security and forthcoming standards handle this problem?
>
> Best regards
> Carsten Leue
>
> -------
> Dr. Carsten Leue
> Dept.8288, IBM Laboratory Böblingen , Germany
> Tel.: +49-7031-16-4603, Fax: +49-7031-16-4401
>
> From: Monica Martin <mmartin@certivo.net>
> Date: 08/27/2002 07:38 PM
> To: wsrp@lists.oasis-open.org, wsia@lists.oasis-open.org
> cc: Monica Martin <mmartin@certivo.net>
> Subject: [wsia] [wsia-wsrp] 8/27/2002: Upcoming WS-Security OASIS TC Meeting
>
> I hope to be attending the upcoming WS-Security opening TC next week
> from 4-5 September 2002 in Redwood City. As this related standards
> development complements or affects our work, I am asking if you have
> general questions or inputs? I could be more focused in providing any
> feedback for the benefit of the WSRP-WSIA efforts.
>
> Thank you.
> Monica J. Martin
> Drake Certivo, Inc.
> 208.585.5946
>
> -----Original Message-----
> From: Lothar Merk
> Sent: Fri 8/23/2002 12:51 AM
> To: wsrp@lists.oasis-open.org; wsia@lists.oasis-open.org
> Cc:
> Subject: [wsia] WSIA/WSRP F2F Meeting - Registration - Final Reminder
>
> Hello,
>
> if you have not registered up to now and you intend to come to the
> WSIA/WSRP F2F Meeting in Germany (September 9th-12th), please
> reply to this e-mail today (August 23rd).
> Please indicate if you will attend all 4 days or only parts of
> the meeting.
> Attached you can find a list of persons that registered so far.
> Please send me a mail if you registered and cannot find your name in the
> list.
>
> You can find the agenda and information about the meeting
> location/hotels
> at http://oasis-open.org/committees/wsrp/meetings/index.shtml.
>
> Regards,
>
> Lothar
>
> (See attached file: 3rdF2FReg.htm)
> ----- Forwarded by Lothar Merk/Germany/IBM on 23.08.2002 08:30 -----
>
> Lothar Merk
> 19.08.2002 08:32
> To: wsrp@lists.oasis-open.org, wsia@lists.oasis-open.org
> cc:
> From: Lothar Merk/Germany/IBM@IBMDE
> Subject: F2F Meeting - Registration - 2nd Reminder
>
> Hi All,
>
> Please reply to this e-mail until end of this week (August 23rd) to
> register for the WSIA/WSRP F2F Meeting in Germany (September
> 9th-12th).
> Please indicate if you will attend all 4 days or only parts of
> the meeting.
>
> You can find the preliminary agenda and information about the
> meeting location/hotels at
> http://oasis-open.org/committees/wsrp/meetings/index.shtml.
>
> Regards,
>
> Lothar
>
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>