Subject: Fwd: Submission of AuthXML to OASIS XML Security TC
Folks--

Unfortunately, due to a technical problem, Eric is apparently not able to send to the list, so he's asked me to forward the following.

Eve

>Date: Fri, 19 Jan 2001 15:04:53 -0800
>From: Eric Olden <eric@securant.com>
>Subject: Submission of AuthXML to OASIS XML Security TC
>To: "Eve L. Maler" <eve.maler@east.sun.com>,
>        security-services@lists.oasis-open.org
>X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
>Importance: High
>
>Colleagues,
>
>On behalf of the AuthXML Working Group I am formally submitting the AuthXML
>specification for consideration by the OASIS XML Security Services TC. It
>has been the desire of the AuthXML Working Group to work on a unified
>standard effort and merge the work of AuthXML with S2ML to achieve a unified
>and combined standard. By unifying these efforts the market will realize the
>benefits of both initiatives and avoid redundant work.
>
>Following are some details about AuthXML and its relevance to the newly
>formed OASIS TC's efforts. More information can also be found at
>www.authxml.org. We look forward to a cooperative and successful effort!
>
>Regards,
>
>Eric Olden
>CTO
>Securant Technologies
>eric@securant.com
>
>
>AuthXML is a specification for interchange of authentication and
>authorization information between security systems. AuthXML defines three
>types of data:
>
>* a set of entities that represent objects in the domain of security -- for
>example, principals, profiles, and sessions.
>
>* a transport-independent messaging protocol for requesting and returning
>these entities.
>
>* a set of bindings of this messaging protocol to transport protocols, such
>as HTTP and SOAP.
>
>The AuthXML specification provides an XML schema that defines the entities
>and message formats. It also provides examples for recommended bindings.
>
>*Where XML Fits In*
>
>AuthXML is intended for use anywhere that exchange of authentication and
>authorization data would be beneficial. In particular, it can be used to
>establish trust relationships between security systems. This would allow,
>for example, users to log in to one system, such as an intranet or a portal
>Web site, and use other multiple Web sites without logging in again.
>
>AuthXML was developed by a group of 45 member companies (and approx. 215
>'reviewers') involved in Internet security known as the AuthXML Working
>Group. In December 2000, the AuthXML Working Group voted to submit AuthXML
>to the OASIS XML Security Services TC to continue its development. We expect
>it to contribute to the final output of that TC.
>
>*Comparison with S2ML*
>
>The currently submitted specification, S2ML, has many similarities to
>AuthXML. Both use an XML format, and both depend on XML Digital Signatures
>(XML-DSIG) for verification. Name and entitlement assertions in S2ML map
>fairly closely with AuthXML entities.
>
>The main difference between the two is that AuthXML has a wider array of
>message types defined. The AuthXML message protocol is more based on a
>request-response model, whereas S2ML assertions are designed to be carried
>with the payload of other messages.
>
>We expect that the standard to come out of the TC could use the AuthXML
>messaging format in addition to the two S2ML messages. The AuthXML entity
>definitions could also be used to augment the assertions defined in S2ML.
--
Eve Maler                                          +1 781 442 3190
Sun Microsystems XML Technology Center    eve.maler @ east.sun.com