security-services message

Subject: Fwd: Submission of AuthXML to OASIS XML Security TC

Folks-- Unfortunately, due to a technical problem, Eric is apparently not 
able to send to the list, so he's asked me to forward the following.


>Date: Fri, 19 Jan 2001 15:04:53 -0800
>From: Eric Olden <eric@securant.com>
>Subject: Submission of AuthXML to OASIS XML Security TC
>To: "Eve L. Maler" <eve.maler@east.sun.com>,
>         security-services@lists.oasis-open.org
>X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
>Importance: High
>
>On behalf of the AuthXML Working Group I am formally submitting the AuthXML
>specification for consideration by the OASIS XML Security Services TC. It
>has been the desire of the AuthXML Working Group to work on a unified
>standard effort and merge the work of AuthXML with S2ML to achieve a unified
>and combined standard. By unifying these efforts the market will realize the
>benefits of both initiatives and avoid redundant work.
>
>Following are some details about AuthXML and its relevance to the newly
>formed OASIS TC's efforts. More information can also be found at
>www.authxml.org. We look forward to a cooperative and successful effort!
>
>Eric Olden
>Securant Technologies
>
>AuthXML is a specification for interchange of authentication and
>authorization information between security systems. AuthXML defines three
>types of data:
>
>* a set of entities that represent objects in the domain of security -- for
>example, principals, profiles, and sessions.
>* a transport-independent messaging protocol for requesting and returning
>these entities.
>* a set of bindings of this messaging protocol to transport protocols, such
>as HTTP and SOAP.
>
>The AuthXML specification provides an XML schema that defines the entities
>and message formats. It also provides examples for recommended bindings.
>
>*Where XML Fits In*
>
>AuthXML is intended for use anywhere that exchange of authentication and
>authorization data would be beneficial. In particular, it can be used to
>establish trust relationships between security systems. This would allow,
>for example, users to log in to one system, such as an intranet or a portal
>Web site, and use other multiple Web sites without logging in again.
>
>AuthXML was developed by a group of 45 member companies (and approx. 215
>'reviewers') involved in Internet security known as the AuthXML Working
>Group. In December 2000, the AuthXML Working Group voted to submit AuthXML
>to the OASIS XML Security Services TC to continue its development. We expect
>it to contribute to the final output of that TC.
>
>*Comparison with S2ML*
>
>The currently submitted specification, S2ML, has many similarities to
>AuthXML. Both use an XML format, and both depend on XML Digital Signatures
>(XML-DSIG) for verification. Name and entitlement assertions in S2ML map
>fairly closely with AuthXML entities.
>
>The main difference between the two is that AuthXML has a wider array of
>message types defined. The AuthXML message protocol is more based on a
>request-response model, whereas S2ML assertions are designed to be carried
>with the payload of other messages.
>
>We expect that the standard to come out of the TC could use the AuthXML
>messaging format in addition to the two S2ML messages. The AuthXML entity
>definitions could also be used to augment the assertions defined in S2ML.



Eve Maler                                          +1 781 442 3190
Sun Microsystems XML Technology Center    eve.maler @ east.sun.com