OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] SSTC FOCUS call, March 22

I have attempted to reflect comments from RL Bob, Tony, and Jeff as follows

Note: these sections are copied from their respective places within the doc

      Securing Web Services

SAML assertions can be used within SOAP messages in order to convey 
security and identity information between actors in web service 
interactions. The SAML Token Profile of the OASIS Web Services Security 
(WSS) TC specifies how SAML assertions should be used for this purpose. 
The* *Liberty Alliance's Identity Web Service Framework* *(ID-WSF) also 
uses SAML assertions as the base security token for enabling secure and 
privacy-respecting access to web services.

WS-Trust, one component of the WS-* framework initiative, proposes 
protocols for the exchange and validation of security tokens used as 
described within WSS. A SAML assertion is one such supported security 
token format.


The Shibboleth Project is an initiative of the Internet2 consortium to 
develop technical and policy frameworks and an open-source software 
system for controlling access to online resources- targeted to the needs 
of higher education, research, and their partners. Like Liberty, the 
Shibboleth System profiles SAML for its particular requirements and, 
also like Liberty, has built privacy management into its architecture. 
Input from the Shibboleth Project's use of SAML 1.x has been fed back 
into SAML V2.0.


WS-* is the unofficial name for refering to an inititiative proposing a 
broad set of specifications for different aspects of Web Services, 
including security. The security aspects of WS-* are based on the 
concept of using security tokens as described in the OASIS WSS TC – the 
SAML Token Profile of whicih specifies the usage of SAML assertions as 
such a security token.

prateek mishra wrote the following on 22/03/2005 09:13:

> Dial in info: +1 865 673 6950 #351-8396
> I. Status and next steps with SAML 2.0 supporting docs
> _1. 
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/11786/sstc-saml-exec-overview-2.0-draft-06.sxw_
> _Recent comments:
> a. 
> http://lists.oasis-open.org/archives/security-services/200503/msg00056.html_
> __
> _
> b. 
> http://lists.oasis-open.org/archives/security-services/200503/msg00060.html_
> _2. 
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/11511/sstc-saml-tech-overview-2.0-draft-03.pdf_
> _II. Any other business?_
> _ _
>No virus found in this incoming message.
>Checked by AVG Anti-Virus.
>Version: 7.0.308 / Virus Database: 266.8.0 - Release Date: 21/03/2005

Paul Madsen                        e:paulmadsen@ntt-at.com
NTT                                p:613-482-0432
Co-Chair, Technology Expert Group  m:613-302-1428
Liberty Alliance Project           aim:PaulMdsn5

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]