
regrep-security message



Subject: RE: XML DSIG for authentication


PY,
	Nice to hear from you. Comments embedded.
cheers

<snip .../>
  |
  |Are we divorcing ebXML MS totally and expect this to run on any
  |SOAP compliant protocol including ebMS? Sekhar's description refers to
  |ebXML header and its use of ds:Signature element. So, I take we are still
  |scoping for ebMS as the primary TRP right?
  |
  |Also AFAIK BEEP is like HTTP over which we typically layer ebXML
  |MS (SOAP) etc.
  |
<KS>
	Good question. By BEEP I meant BEEP + things like APEX and related
application protocols over BEEP. Also the transport substrate could be JXTA
for all we know or even RNIF. On the other hand if we want to assume ebXML
TRP, it is a big step, but we could. Might limit the deployment, maybe not.
</KS>
  |> 2) There is no message level API which we (as in upper layers) can talk
  |> to - for example to get the authentication assertion (to correlate the
  |> userID with the registry userId) or even to find out if the user is
  |> authenticated. I had raised this long time ago with the then ebXML TRP and
  |> the reply was that they are working on an API layer.
  |
  |Yes, the APIs are in the scope for next phase. Also, Sekhar was proposing
  |this as 2.0 item.
  |Hence it seemed good to influence ebMS rather than devise a scheme that
  |ebMS may or may not end-up aligning with. IMO the mechanism of how where
  |dsigs get incorporated into the message format should come from MS with
  |ebRS defining the semantics and requirements over and above it.
  |I mean things like using the authentication information to resolve roles
  |as well etc.
  |
<KS>
	I am fine for influencing the TRP so long as we also get a two-way
"channel"/"APIs" to get some security assertions. Plus we need to tell the
msh that we need authentication for these messages - I assume this would be
a <needAuthentication> element in the TPA. The only caveat is that this
*requires* ebXML TRP or we would need to define an abstract layer and then
bindings to various transports.
</KS>
  |Like you usually say my two yens..
  |
<KS>
	Had traded all the yens to $ and sunk them in NASDAQ :o( Just pennies are
all I am left with.
</KS>
cheers


