wss-comment message
Subject: Re: [wss-comment] 2 comments on WSS 1.0 spec now balloting at OASIS
- From: Kelvin Lawrence <klawrenc@us.ibm.com>
- To: Michael.Mccormick@wellsfargo.com
- Date: Wed, 17 Mar 2004 09:27:07 -0600
Michael.Mccormick@wellsfargo.com wrote on 03/17/2004 09:09:24 AM:
> Comment #1
> Document: Web Services Security: SOAP Message Security (WS-Security)
> Comment: Although general guidance is provided regarding XML security
> tokens, WSS 1.0 does not include a security assertion markup language (SAML)
> assertion/token profile. This is a serious omission given the critical role
> of SAML in so many federated identity solutions now being deployed. The
> omission has forced a number of commercial web services security products to
> create their own SAML-SOAP bindings (or use the one promoted by the Liberty
> Alliance) in order to meet customer demand.
> Recommendation: Include a SAML 1.1 profile in the next WSS version as early
> as possible.
>
> Comment #2
> Document: Web Services Security: Username Token Profile
> Comment: The UserName Token element (/wsse:UsernameToken) does not provide
> any means of qualifying the user name to indicate its type or domain.
> Optional sub-elements should be defined for type (with several types
> pre-defined including e-mail address and Microsoft SAM account name) and
> domain (DNS or NT/AD). Without such qualifiers a <Username> value can often
> be ambiguous or non-unique. For an example of XML type and domain
> qualifiers, refer to the Username schema in the security assertion markup
> language (SAML).
> Recommendation: Add optional qualifiers to UsernameToken in the next WSS
> version.
>
> Michael McCormick
> System Architect
> Wells Fargo Services Company
> 255 Second Ave. South
> MAC N9301-027
> Minneapolis MN 55479
> * 612-667-9227 (voice)
> * 612-590-1437 (cell)
> * 612-621-1318 (pager)
> * 612-667-7642 (fax)
> * mailto://michael.mccormick@wellsfargo.com
> * m.mccormick@acm.org
> "THESE OPINIONS ARE STRICTLY MY OWN AND NOT NECESSARILY THOSE OF WELLS
> FARGO"
>
Michael, thanks for taking the time to send comments.
As to your point on additional token profiles - the WSS TC is actively
working on a set of additional token profiles, including one for SAML.
If you look at the WSS document repository [1] you will see the latest
draft of these additional profiles. The TC hopes to progress these other
profiles to completion over the coming months.
[1] http://www.oasis-open.org/committees/documents.php?wg_abbrev=wss
Cheers
Kelvin.
WSS TC co-Chair