OASIS Mailing List Archives



ws-sx message


Subject: ws-sx Examples Document Interop - Kick-Off Meeting

To all interested prospective Interop participants:

The dates for the planned Virtual Interop have been changed based
on initial feedback (more time to prepare and more time to execute)
 and are now planned to be:

    Oct 27, 2008 -> Nov 14, 2008

As described at last week's TC meeting:

there will be a kick-off meeting conference call held, which now has
a specific date, time, and dial-in conf:

    Wed Aug 27   at 10 AM (EDT)  (7AM (PDT))
(note: usual TC mtg time but on in-between week,
      but also note: different dial in instructions:)

Dial-in:                888-967-2253 
Meeting code:    902688# 
Pass code:           123456#


1. Description of planned Interop (see email below copied
    from earlier email w dates changed)

2. Discussion of dates chosen (3wks: Oct 27-Nov14)

3. Discussion of scenarios selected (suggestions welcome
    if current selection is thought to be able to be improved)

4. Next Steps.


Rich.Levinson wrote:
To: WS-SX TC members:

Based on action item from the 7/23 ws-sx minutes:

We are planning (proposing) to have a *virtual interop* during the weeks
of Oct 27 - Nov 14 for the ws-sx examples document.


Below is a tidied up copy of the full table of contents. From that list the
following have been selected as the initial candidates for this Interop. These
are subject to revision at the agreement of the participating parties. It is
expected that if this first Interop goes well then there will be subsequent
Interops to test additional scenarios. (Possibly this effort can lead to an
eventual participation in a generally available Interop test network with
a focus on security.)

The intent is to pick scenarios that vendors support and are interested in
promoting for customer use. We will also consider adding new scenarios not
included in the doc if there is significant interest in that. Similarly, the existing
examples can be molded to meet current practice if discrepancies are found.

The "flavor" of these scenarios is primarily straight WS-Security with WS-SP policies
applied. However, there is one scenario that includes WS-Trust ( (the ws-sx
interop scenario) and one with WS-SecureConversation (2.4.1).

          UsernameToken with timestamp, nonce and password hash      15
          (WSS 1.0) Encrypted UsernameToken with X.509v3             23
2.1.4   (WSS 1.1), User Name with Certificates, Sign, Encrypt        27
          (WSS1.0) Mutual Auth, X.509 Certs, Symmetric Encrypt       38
2.2.4   (WSS1.1) Mutual Auth with X.509 Cert, Sign, Encrypt          46
          (WSS1.1) SAML1.1/2.0 SV w X.509 Cert, Sign, Encr           83
          (WSS1.1) SAML1.1/2.0 HK, Sign, Encrypt *(Needs STS)*       89

2.4.1   (WSS 1.0) Sec Conv bootstrap by Mut Auth w X.509 Certs     114

The selections were loosely based on the level of interest shown
during the TC by various contributors. They also represent a good
cross-section of the capabilities and include some of the more
difficult examples. As indicated above, it is intended that the
participants agree on the scenarios selected, so the initial task
will be to agree on the objectives. If at least 2 participants are
willing to do an example then it should be included.

Please send an email to me directly to indicate interest and copy
anyone else in the TC (or the whole TC) if you want others to know
of your initial interest (i.e. willing to listen to tentative
conditional interest levels as well, since the initial purpose of this
email is to gauge the interest to try to establish critical
mass - date will be flexible if there is interest in a "better" date).

Suggestions are welcome.


2 Scenarios                                                          13

2.1   UsernameToken                                                  13
2.1.1   UsernameToken – no security binding                          13
          UsernameToken with plain text password                     13
          UsernameToken without password                             14
          UsernameToken with timestamp, nonce and password hash      15
2.1.2   Use of SSL Transport Binding                                 16
          UsernameToken as supporting token                          17
2.1.3   (WSS 1.0) UsernameTok w Mut X.509v3 Auth, Sign, Encrypt      19
          (WSS 1.0) Encrypted UsernameToken with X.509v3             23
2.1.4   (WSS 1.1), User Name with Certificates, Sign, Encrypt        27

2.2   X.509 Token Authentication Scenario Assertions                 31
2.2.1   (WSS1.0) X.509 Certificates, Sign, Encrypt                   31
2.2.2   (WSS1.0) Mutual Auth with X.509 Certs, Sign, Encrypt         34
          (WSS1.0) Mutual Auth, X.509 Certs, Symmetric Encrypt       38
2.2.3   (WSS1.1) Anonymous with X.509 Cert, Sign, Encrypt            42
2.2.4   (WSS1.1) Mutual Auth with X.509 Cert, Sign, Encrypt          46

2.3   SAML Token Authentication Scenario Assertions                  52
2.3.1   WSS 1.0 SAML Token Scenarios                                 54
          (WSS1.0) SAML1.1 Assertion (Bearer)                        54
          (WSS1.0) SAML1.1 Assertion (Sender Vouches (SV)) on SSL    56
          (WSS1.0) SAML1.1 Assertion (Holder of key (HK)) on SSL     59
          (WSS1.0) SAML1.1 (SV) w X.509 Cert, Sign, Option Encr      60
          (WSS1.0) SAML1.1 Holder of Key, Sign, Optional Encrypt     66
2.3.2   WSS 1.1 SAML Token Scenarios                                 72
          (WSS1.1) SAML 2.0 Bearer                                   72
          (WSS1.1) SAML2.0 Sender Vouches over SSL                   76
          (WSS1.1) SAML2.0 HoK over SSL                              78
          (WSS1.1) SAML1.1/2.0 SV w X.509 Cert, Sign, Encr           83
          (WSS1.1) SAML1.1/2.0 HK, Sign, Encrypt                     89

2.4   Secure Conversation Scenarios                                 114
2.4.1   (WSS 1.0) Sec Conv bootstrap by Mut Auth w X.509 Certs      114
