Subject: Minutes from Bindings Con-call, July 26
Attendees:
-------------------
Krishna Sankar
Simon Godik
Tim Moses
Prateek Mishra

Agenda Bashing:

Krishna: Plan to submit a binding and/or profile for BEEP. Is there interest in this space?

Prateek: Definitely of interest, all of this is driven by the interest of SAML participants.

Krishna: BEEP includes a SOAP-over-BEEP binding, presumably SAML SOAP binding will work with this.

Simon: This should be a requirement of the SAML SOAP binding, that it is generic and can work with many different substrate protocols.

Krishna: There is still an issue of providing a "native" SAML binding for BEEP.

Simon: Is there interest in a CORBA profile?

Prateek: I haven't looked at CSIv2 but if people are interested they should push forward and submit a profile.

Issues with the SOAP binding:

(1) Support for box-carring (has also been discussed in context of the HTTP binding); this needs to be presented to the general TC.

(2) Fault Codes discussion needs to be made more explicit. Distinction between SAML-level errors and SOAP-level errors needs to be called out.

(3) [Tim Moses] Authentication and Integrity should be resolvable at the substrate protocol level or at the SOAP level. For HTTP we can point to HTTP/S with client and server certificates as a mandatory-to-implement technique. At the SOAP level we would specify digital signing as one technique.

(4) Discussion of digital signing: again, we need input from the TC concerning acceptable signing formats. The SOAP case is complicated by the fact that the entire SOAP message could be signed AND the enclosed SAML message signed separately. Each provides authentication at a different level but there is also a need to clarify how and when a "super-signature" can also be seen as providing a signature for the elements within a SOAP message.

(5) Confidentiality: Can be resolved at the substrate protocol level (again HTTPS with server-side certificates provides a mandatory-to-implement technique).

Unfortunately, at the SOAP level itself there is no standard message-oriented technique for confidentiality. This will only be possible when the XML-ENCRYPTION standard becomes available. So for the near future, we have to depend on point-to-point confidentiality only.

- prateek