[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Agenda for Con-Call, October 04, 2001
Agenda ---------- 1. Agenda Discussion 2. SOAP vs HTTP http://lists.oasis-open.org/archives/security-bindings/200110/msg00000.html <http://lists.oasis-open.org/archives/security-bindings/200110/msg00000.html > 3. Intermediaries and SOAP http://lists.oasis-open.org/archives/security-bindings/200110/msg00003.html <http://lists.oasis-open.org/archives/security-bindings/200110/msg00003.html > 3. Detailed notes on HTTP and SOAP bindings from f2f#4 meeting HTTP Binding (i) detailed analysis of HTTP headers, there is a need to review all HTTP 1.1 headers and call out relevant headers (with reasons) (ii) Next rev. of the HTTP binding should be posted to the HTTP working group for comments (iii) Security Model: following authentication models are mandatory-to-implement: (a) requestor and respondor digitally sign SAML requests and responses (b) Server utilizes a SSL v3 certificate, client may utilize (i) no authentication (ii) basic auth (iii) message digest (iv) SSL v3 client certificate (iv) Authentication and Confidentiality may also be provided by other means including IPsec, proprietary methods, etc. (items in (iii) are mandatory-to-implement NOT mandatory-to-deploy) SOAP Binding (i) considerations relating to fully qualified SAML elements to be moved to core. (ii) Security may be provided either at the transport-layer or at the SOAP layer. (iii) Security model (Mandatory-to-implement) (a) digital signing of SOAP messages (b) use of security model for HTTP 4. Next steps with bindings section - How can we start to wrap up? 5. Recent submissions - Don Flinn's Smart Browser Profile
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC