OASIS Mailing List Archives

security-use message



Subject: ..Role of Security Services..


The topic of security services is not currently covered in 
the Strawman 1 document. There are some references
to a third party security service but no requirements or
characterization of the interfaces exposed by such a security service.
Here I will give a brief description and motivation for standardizing
(some) security system interfaces.
 
The S2ML specification describes two security
services: Auth and Az (I realize there may be some
naming issues here!). They have the following signatures:
 
Auth:
Credentials (login, public key, X509Certificate) ---> Name Assertion
 
Az: 
Name Assertion x Assertions x Question --> Assertion(s) x Answer 
 
The model here is to provide standard interfaces between applications
and security engines. This supports inter-operability between security
engines as applications can use them in a vendor independent
manner. In a different direction, standardizing interfaces of this type
also supports a notion of providing standard security services as web
services over the internet. 
 
The security interfaces described in S2ML are those that are typically 
driven off security engine policies
(as opposed to interfaces exposing crypto operations etc.). Often,
these interfaces are based on security engine components 
including DBs, LDAP, legacy code, policy languages etc.
Providing a standard interface allows for a generic way to "query" a
security engine.  
 
 
- prateek mishra
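
An added illustration, not part of the original message or of the S2ML specification: the two signatures above written as one vendor-neutral Python interface, with a toy engine behind it that the calling code never names. Every identifier here (`Assertion`, `SecurityEngine`, `TableEngine`, `ask`), the password credential, and the HMAC used in place of a real signature are assumptions made for the sketch.

```python
from __future__ import annotations
import hashlib, hmac, time
from dataclasses import dataclass
from typing import Optional, Protocol

@dataclass(frozen=True)
class Assertion:
    issuer: str
    subject: str
    claim: str          # "name", or an attribute such as "role=clerk"
    not_after: float    # expiry, seconds since the epoch
    mac: str = ""       # HMAC standing in for the issuer's signature (assumption)

def _mac(key: bytes, a: Assertion) -> str:
    body = repr((a.issuer, a.subject, a.claim, a.not_after)).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def issue(key: bytes, issuer: str, subject: str, claim: str, ttl: float = 300.0) -> Assertion:
    a = Assertion(issuer, subject, claim, time.time() + ttl)
    return Assertion(a.issuer, a.subject, a.claim, a.not_after, _mac(key, a))

def valid(key: bytes, a: Assertion) -> bool:
    return hmac.compare_digest(_mac(key, a), a.mac) and time.time() <= a.not_after

class SecurityEngine(Protocol):  # the vendor-neutral surface the application codes against
    def auth(self, login: str, secret: str) -> Optional[Assertion]: ...
    def az(self, name: Assertion, assertions: list, question: tuple) -> tuple: ...

class TableEngine:
    """Constructed toy engine: a user table plus a claim -> permitted questions policy."""
    def __init__(self, key, users, roles, policy):
        self.key, self.users, self.roles, self.policy = key, users, roles, policy

    def auth(self, login, secret):
        stored = self.users.get(login)  # toy only: a real engine checks a password hash or certificate
        if stored is None or not hmac.compare_digest(stored.encode(), secret.encode()):
            return None
        return issue(self.key, "table-engine", login, "name")

    def az(self, name, assertions, question):
        if name.claim != "name" or not valid(self.key, name):
            return [], False  # forged, altered or expired name assertion
        held = {a.claim for a in assertions if a.subject == name.subject and valid(self.key, a)}
        held |= {f"role={r}" for r in self.roles.get(name.subject, ())}
        answer = any(question in self.policy.get(c, ()) for c in held)
        return ([issue(self.key, "table-engine", name.subject, f"permit={question}")] if answer else []), answer

def ask(engine: SecurityEngine, login: str, secret: str, question: tuple) -> bool:
    name = engine.auth(login, secret)
    return name is not None and engine.az(name, [], question)[1]

# Constructed sample data
ENGINE = TableEngine(b"demo-key", {"alice": "s3cret"}, {"alice": ["clerk"]},
                     {"role=clerk": {("invoice/42", "read")}})
```

An LDAP-backed or policy-language-backed engine would plug in by implementing the same two methods, leaving `ask` unchanged.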

