[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Agenda for Con-Call, October 04, 2001
Agenda
----------
1. Agenda Discussion
2. SOAP vs HTTP
http://lists.oasis-open.org/archives/security-bindings/200110/msg00000.html
<http://lists.oasis-open.org/archives/security-bindings/200110/msg00000.html
>
3. Intermediaries and SOAP
http://lists.oasis-open.org/archives/security-bindings/200110/msg00003.html
<http://lists.oasis-open.org/archives/security-bindings/200110/msg00003.html
>
3. Detailed notes on HTTP and SOAP bindings from f2f#4 meeting
HTTP Binding
(i) detailed analysis of HTTP headers, there is a need to review all HTTP
1.1
headers and call out relevant headers (with reasons)
(ii) Next rev. of the HTTP binding should be posted to the HTTP working
group
for comments
(iii) Security Model: following authentication models are
mandatory-to-implement:
(a) requestor and respondor digitally sign SAML requests and responses
(b) Server utilizes a SSL v3 certificate, client may utilize
(i) no authentication
(ii) basic auth
(iii) message digest
(iv) SSL v3 client certificate
(iv) Authentication and Confidentiality may also be provided by other means
including IPsec, proprietary methods, etc.
(items in (iii) are mandatory-to-implement NOT mandatory-to-deploy)
SOAP Binding
(i) considerations relating to fully qualified SAML elements to be moved to
core.
(ii) Security may be provided either at the transport-layer or at the SOAP
layer.
(iii) Security model (Mandatory-to-implement)
(a) digital signing of SOAP messages
(b) use of security model for HTTP
4. Next steps with bindings section - How can we start to wrap up?
5. Recent submissions - Don Flinn's Smart Browser Profile
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC