[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ebxml-msg] A question about authorisation [SEC=UNCLASSIFIED]
Hello Ian,

In my interpretation of how Pull should work, the approach to take would be the one described in your first bullet point. But this is something we should discuss on the call with the people who were around when this was added to the spec, as your email is a reminder that I had a related question on Pull that I will file a Jira item for.

Pim

From: ebxml-msg@lists.oasis-open.org [mailto:ebxml-msg@lists.oasis-open.org] On Behalf Of Otto, Ian
Sent: 01 July 2013 06:44
To: 'Pim van der Eijk'; ebxml-msg@lists.oasis-open.org
Subject: RE: [ebxml-msg] A question about authorisation [SEC=UNCLASSIFIED]

Hi Pim,

Thanks for pointing me at that. I understand that a little better now. SAML is most suited to the primary header. To use it in a secondary header, it would have to be used to sign something. Like an X.509 Certificate, the credential must be exercised to establish ownership.

To give me a little more context on how authorisation works in a hub scenario, with a Pull request, if I have a hub holding a number of messages destined for different Receiving MSHs waiting to be collected, is it normal that:

· Messages would be placed in separate MPCs for each Receiving MSH; or
· Messages would be in a single MPC with an authorisation mechanism determining which Receiving MSH could pick up which message (not that I have found this in the standard); or
· Some other way?

Am I on the right track or missing something?

Regards,
Ian Otto.

-----Original Message-----

Hello Ian,

With a pull request there can be two separate WS-Security headers, one a regular one which can be X.509 based and a separate one for authorization targeted to an "ebms" actor/role (see section 7.10 in v3.0 Core).

So when you propose a SAML token profile, the question is if it is used as an alternative for the regular WS-Security header and/or this separate authorization header.

Pim

-----Original Message-----
From: ebxml-msg@lists.oasis-open.org [mailto:ebxml-msg@lists.oasis-open.org] On Behalf Of Mr. Ian Otto
Sent: 27 June 2013 09:19
To: ebxml-msg@lists.oasis-open.org
Subject: [ebxml-msg] A question about authorisation

At yesterday's TC meeting, I received the impression that X.509 Certificates could not be used for Pull authorisation.

Is that correct? Do you need a username/password for Pull authorisation?
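
An added sketch, not code from this thread or from the ebMS specification, of how a hub could apply the first option discussed above (one MPC per Receiving MSH) using only the Security header targeted to the "ebms" role. The MPC URIs, credentials, the use of the SOAP 1.2 `role` attribute and a UsernameToken as the authorisation credential are assumptions made for illustration.

```python
import hmac
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser

S12 = "http://www.w3.org/2003/05/soap-envelope"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
EB = "http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/"

# Constructed hub policy: one MPC per Receiving MSH, each with its own credential.
MPC_CREDENTIALS = {
    "urn:example:mpc:msh-a": ("msh-a", "constructed-secret-a"),
    "urn:example:mpc:msh-b": ("msh-b", "constructed-secret-b"),
}

# Constructed PullRequest; the regular (e.g. X.509) Security header is left empty.
SAMPLE = f"""<S12:Envelope xmlns:S12="{S12}" xmlns:wsse="{WSSE}" xmlns:eb="{EB}">
 <S12:Header>
  <eb:Messaging><eb:SignalMessage>
   <eb:PullRequest mpc="urn:example:mpc:msh-a"/>
  </eb:SignalMessage></eb:Messaging>
  <wsse:Security/>
  <wsse:Security S12:role="ebms">
   <wsse:UsernameToken>
    <wsse:Username>msh-a</wsse:Username>
    <wsse:Password>constructed-secret-a</wsse:Password>
   </wsse:UsernameToken>
  </wsse:Security>
 </S12:Header>
 <S12:Body/>
</S12:Envelope>"""

def authorize_pull(envelope_xml):
    """Return the MPC the requester may pull from, or None if not authorised."""
    root = ET.fromstring(envelope_xml)
    pull = root.find(f".//{{{EB}}}PullRequest")
    mpc = pull.get("mpc") if pull is not None else None
    expected = MPC_CREDENTIALS.get(mpc)
    # Only the Security header targeted to the "ebms" role counts for authorisation;
    # the regular header (no role attribute) is ignored here.
    targeted = [s for s in root.iter(f"{{{WSSE}}}Security")
                if s.get(f"{{{S12}}}role") == "ebms"]
    if expected is None or len(targeted) != 1:
        return None  # unknown MPC, missing header, or ambiguous duplicate headers
    token = f"{{{WSSE}}}UsernameToken/{{{WSSE}}}"
    user = targeted[0].findtext(token + "Username", "")
    password = targeted[0].findtext(token + "Password", "")
    # Constant-time comparison of both fields; both must match the MPC's owner.
    ok = (hmac.compare_digest(user.encode(), expected[0].encode())
          & hmac.compare_digest(password.encode(), expected[1].encode()))
    return mpc if ok else None
```

Because the credential is bound to the MPC named in the request, a Receiving MSH presenting valid credentials for its own MPC is still refused when it names another MSH's MPC.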