wsrp message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: [wsrp] draft security profile questions
- From: Rich Thompson <richt2@us.ibm.com>
- To: wsrp@lists.oasis-open.org
- Date: Tue, 11 Oct 2005 15:32:45 -0400
Please provide feedback on the questions
we want to use for contacting our various security teams about the possibility
of building one or two simple security profiles for use while waiting for
standardized policy frameworks to emerge. Hopefully we can agree on a short
set of questions over the next week such that the gathering of input can
begin shortly after that.
----------------------- draft starts
below --------------------
Considering the number of customer requests
for interoperable security profiles and the lack of a standardized policy
framework for negotiating a security profile to use for WSRP-related messages,
the WSRP TC is seeking input about whether simple interoperable profiles
could be defined. In particular, which of the following items is expected
to be supported in the mid-2006 timeframe:
- Transferring a Consumer identity
via SSL/TLS, an End-User identity via a WS-Security token and exposing
both to applications.
- Transferring a Consumer identity
via a digital signature, an End-User identity via a WS-Security token and
exposing both to applications.
- Which WS-Security tokens do
you expect to be supporting?
- If SAML is supported, what user
attributes will be supported?
- Is support for maintaining security
contexts for multiple web service requests anticipated? If so, using what
technology?
- Is automated configuration supported?
If so, are any particular inputs to the process required?
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]