

Subject: Re: [ws-sx] Proposed Interop for ws-sx examples document


Rich, that week is way too early, will need more notice to prepare and the time length is too short, will need at least 2-3 weeks if done virtual.

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122

From: "Rich.Levinson" <rich.levinson@oracle.com>
To: "ws-sx@lists.oasis-open.org" <ws-sx@lists.oasis-open.org>
Date: 08/19/2008 08:44 PM
Subject: [ws-sx] Proposed Interop for ws-sx examples document





To: WS-SX TC members:

Based on action item from the 7/23 ws-sx minutes:

http://lists.oasis-open.org/archives/ws-sx/200807/msg00035.html

We are planning (proposing) to have a virtual interop during the week
of Sep 22-26 for the ws-sx examples document.

http://www.oasis-open.org/committees/document.php?document_id=28909&wg_abbrev=ws-sx

Below is a tidied up copy of the full table of contents. From that list the
following have been selected as the initial candidates for this Interop. These
are subject to revision at the agreement of the participating parties. It is
expected that if this first Interop goes well then there will be subsequent
Interops to test additional scenarios. (Possibly this effort can lead to an
eventual participation in a generally available Interop test network with
a focus on security.)

The intent is to pick scenarios that vendors support and are interested in
promoting for customer use. We will also consider adding new scenarios not
included in the doc if there is significant interest in that. Similarly, the existing
examples can be molded to meet current practice if discrepancies are found.

The "flavor" of these scenarios is primarily straight WS-Security with WS-SP policies
applied. However, there is one scenario that includes WS-Trust (2.3.2.5, the ws-sx
interop scenario) and one with WS-SecureConversation (2.4.1).

2.1.1.3   UsernameToken with timestamp, nonce and password hash   15
2.1.3.1   (WSS 1.0) Encrypted UsernameToken with X.509v3   23
2.1.4   (WSS 1.1), User Name with Certificates, Sign, Encrypt   27

2.2.2.1   (WSS1.0) Mutual Auth, X.509 Certs, Symmetric Encrypt   38
2.2.4   (WSS1.1) Mutual Auth with X.509 Cert, Sign, Encrypt   46

2.3.2.4   (WSS1.1) SAML1.1/2.0 SV w X.509 Cert, Sign, Encr   83
2.3.2.5   (WSS1.1) SAML1.1/2.0 HK, Sign, Encrypt (Needs STS)   89

2.4.1   (WSS 1.0) Sec Conv bootstrap by Mut Auth w X.509 Certs  114

The selections were loosely based on the level of interest shown
during the TC by various contributors. They also represent a good
cross-section of the capabilities and include some of the more
difficult examples. As indicated above, it is intended that the
participants agree on the scenarios selected, so the initial task
will be to agree on the objectives. If at least 2 participants are
willing to do an example then it should be included.

Please send an email to me directly to indicate interest and copy
anyone else in the TC (or the whole TC) if you want others to know
of your initial interest (i.e. willing to listen to tentative
conditional interest levels as well, since the initial purpose
of this email is to gauge the interest to try to establish critical
mass - date will be flexible if there is interest in a "better" date).

Suggestions are welcome.

Thanks,
Rich



2 Scenarios   13

2.1   UsernameToken   13
2.1.1   UsernameToken – no security binding   13
2.1.1.1   UsernameToken with plain text password   13
2.1.1.2   UsernameToken without password   14
2.1.1.3   UsernameToken with timestamp, nonce and password hash   15
2.1.2   Use of SSL Transport Binding   16
2.1.2.1   UsernameToken as supporting token   17
2.1.3   (WSS 1.0) UsernameTok w Mut X.509v3 Auth, Sign, Encrypt   19
2.1.3.1   (WSS 1.0) Encrypted UsernameToken with X.509v3   23
2.1.4   (WSS 1.1), User Name with Certificates, Sign, Encrypt   27


2.2   X.509 Token Authentication Scenario Assertions   31
2.2.1   (WSS1.0) X.509 Certificates, Sign, Encrypt   31
2.2.2   (WSS1.0) Mutual Auth with X.509 Certs, Sign, Encrypt   34
2.2.2.1   (WSS1.0) Mutual Auth, X.509 Certs, Symmetric Encrypt   38
2.2.3   (WSS1.1) Anonymous with X.509 Cert, Sign, Encrypt   42
2.2.4   (WSS1.1) Mutual Auth with X.509 Cert, Sign, Encrypt   46

2.3   SAML Token Authentication Scenario Assertions   52
2.3.1   WSS 1.0 SAML Token Scenarios   54
2.3.1.1   (WSS1.0) SAML1.1 Assertion (Bearer)   54
2.3.1.2   (WSS1.0) SAML1.1 Assertion (Sender Vouches (SV)) on SSL 56
2.3.1.3   (WSS1.0) SAML1.1 Assertion (Holder of key (HK)) on SSL  59
2.3.1.4   (WSS1.0) SAML1.1 (SV) w X.509 Cert, Sign, Option Encr   60
2.3.1.5   (WSS1.0) SAML1.1 Holder of Key, Sign, Optional Encrypt  66
2.3.2   WSS 1.1 SAML Token Scenarios   72
2.3.2.1   (WSS1.1) SAML 2.0 Bearer   72
2.3.2.2   (WSS1.1) SAML2.0 Sender Vouches over SSL   76
2.3.2.3   (WSS1.1) SAML2.0 HoK over SSL   78
2.3.2.4   (WSS1.1) SAML1.1/2.0 SV w X.509 Cert, Sign, Encr   83
2.3.2.5   (WSS1.1) SAML1.1/2.0 HK, Sign, Encrypt   89


2.4   Secure Conversation Scenarios  114
2.4.1   (WSS 1.0) Sec Conv bootstrap by Mut Auth w X.509 Certs  114



