security-use message

Subject: Resend: ISSUE:[UC-8-0*:Intermediaries*]

Sorry, I accidentally hit some random keys whilst pasting into the message
that caused it to be sent.  I resend with the actual content I desired.

I am baffled that this has not generated more discussion.  The role of
intermediaries and security on XML Protocol has been going on for months.

I would have liked to see more discussion on our domain model/abstract model
on this concept.  I show the following links to illustrate XP's discussion
of intermediaries as it seems extremely relevant.

[1] http://www.w3.org/2000/xp/Group/xp-reqs-05.html#fig1 Requirements doc
showing intermediaries
shows the XP abstract model.  Section 3.3 talks exclusively about

There is a good definition of an XP Intermediary in the XP requirements doc,
which seems equivalent to a SAML intermediary:
XMLP intermediary 
An XMLP intermediary is both an XMLP receiver and an XMLP sender,
target-able from within an XMLP message. It processes a defined set of
blocks in an XMLP message along an XMLP message path. It acts in order to
forward the XMLP message towards the ultimate XMLP receiver.

Some questions I have:

What other operations are permitted or not permitted at the intermediary?  
Can it change the target?  
What if the message is a SOAP message with Attachments?  Can the attachments
be changed/added/deleted?
In what cases is it not really an intermediary, but really a chain of 2
different SAML requests?  My question is at what kind of operations on the
request is it no longer considered a modification of a request but a whole
new request.  8.4 seems exactly like this, there is no "Edit" of the SAML
request, it's a whole new request.  
How is an intermediary "targeted" by the sender of the SAML?
How is a SAML intermediary different than an XP intermediary?  Are we
duplicating effort?  How are we "distinct"?

I have more questions, but I'll stop there as it's late.

Dave Orchard
XML Architect
Jamcracker Inc.,    19000 Homestead Dr., Cupertino, CA 95014
p: 408.864.5118     m: 604.908.8425    f: 408.725.4310

www.jamcracker.com - Sounds like a job for Jamcracker.
