Subject: RE: [ebxml-msg] A question about authorisation [SEC=UNCLASSIFIED]
Hi Pim,

Thanks for pointing me at that. I understand that a little better now.

SAML is most suited to the primary header. To use it in a secondary header, it would have to be used to sign something. Like an X.509 Certificate, the credential must be exercised to establish ownership.

To give me a little more context on how authorisation works in a hub scenario, with a Pull request, if I have a hub holding a number of messages destined for different Receiving MSHs waiting to be collected, is it normal that:

· Messages would be placed in separate MPCs for each Receiving MSH; or
· Messages would be in a single MPC with an authorisation mechanism determining which Receiving MSH could pick up which message (not that I have found this in the standard); or
· Some other way?

Am I on the right track or missing something?

Regards,
Ian Otto.

-----Original Message-----

Hello Ian,

With a pull request there can be two separate WS-Security headers, one a regular one which can be X.509 based and a separate one for authorization targeted to an "ebms" actor/role (see section 7.10 in v3.0 Core). So when you propose a SAML token profile, the question is if it is used as an alternative for the regular WS-Security header and/or this separate authorization header.

Pim

-----Original Message-----
From: ebxml-msg@lists.oasis-open.org [mailto:ebxml-msg@lists.oasis-open.org] On Behalf Of Mr. Ian Otto
Sent: 27 June 2013 09:19
To: ebxml-msg@lists.oasis-open.org
Subject: [ebxml-msg] A question about authorisation

At yesterday's TC meeting, I received the impression that X.509 Certificates could not be used for Pull authorisation. Is that correct? Do you need a username/password for Pull authorisation?