Re: [wsia] [wsia-wsrp] 8/27/2002: Upcoming WS-Security OASIS TC Meeting

[Rex Brooks <rexb@starbourne.com>]

Thanks Monica,

I would add a couple of concerns to what Carsten has here.

1. How can the depth information for preferences and confidential
information be added after authentication, verification and
certification? Will there be a defined format for that or can
HumanMarkup TC produce/recommend such.

2. Where in the process will such information beyond the single
sign-on occur. To WSIA-WSRP, for WSIA-WSRP purposes, also, what
format will be recommended and where in the process should that
information be requested/allowed into the protocol/specification?
This overlaps all four TCs.

3. Where will the information reside--with the concern being that
HumanMarkup TC is set to recommend that control and tracking and
destruction of said information after approved use remain with the
user and/or a non-govermental, non-proprietary, unbiased entity which
will not be empowered to sell or offer such information to third
parties.

Thanks, again,
Rex

At 9:35 AM +0200 8/28/02, Carsten Leue wrote:
>Hi Monica.
>
>Great that you are attending the meeting, that will give us the oppotunity
>to fix some outstanding questions. My current questions/concerns are:
>
>- will our role concept become obsolete in the near future? Will there be
>WS standards that handle role transfer/mapping directly inside the SOAP
>stack?
>- is what we define a "role" really a role from a security standpoint or
>rather a delegated user identity? Maybe the correct approach would be to
>let WS security send a couple of user identities rather than inventing our
>own role concept. Is this possible in WS-Security? Would it be the correct
>approach
>- does WS-Security define user identity mapping? If not how is the transfer
>of user identity supposed to work? Will there be an upcoming standard? Is
>the user identiy programmatically accessible? When will that be
>incorporated in standard SOAP stacks (AXIS, .NET)?
>
>- the basic question is: should be define security directly in our protocol
>at all or will WS-security and forthcoming standards handle this problem.
>
>Best regards
>Carsten Leue
>
>-------
>Dr. Carsten Leue
>Dept.8288, IBM Laboratory Böblingen , Germany
>Tel.: +49-7031-16-4603, Fax: +49-7031-16-4401
>
>
>
>|---------+---------------------------->
>|         |           Monica Martin    |
>|         |           <mmartin@certivo.|
>|         |           net>             |
>|         |                            |
>|         |           08/27/2002 07:38 |
>|         |           PM               |
>|---------+---------------------------->
>
>>-------------------------------------------------------------------------------------------------------------------------------|
>   |
>|
>   |       To:       wsrp@lists.oasis-open.org,
>wsia@lists.oasis-open.org
>|
>   |       cc:       Monica Martin <mmartin@certivo.net>
>|
>   |       Subject:  [wsia] [wsia-wsrp] 8/27/2002: Upcoming
>WS-Security OASIS TC Meeting
>|
>   |
>|
>   |
>|
>
>>-------------------------------------------------------------------------------------------------------------------------------|
>
>
>
>I hope to be attending the upcoming WS-Security opening TC next week
>from 4-5 September 2002 in Redwood City. As this related standards
>development complements or affects our work, I am asking if you have
>general questions or inputs?  I could be more focused in providing any
>feedback for the benefit of the WSRP-WSIA efforts.
>
>Thank you.
>Monica J. Martin
>Drake Certivo, Inc.
>208.585.5946
>
>              -----Original Message-----
>              From: Lothar Merk
>              Sent: Fri 8/23/2002 12:51 AM
>              To: wsrp@lists.oasis-open.org; wsia@lists.oasis-open.org
>              Cc:
>              Subject: [wsia] WSIA/WSRP F2F Meeting - Registration - Final
>Reminder
>
>
>
>              Hello,
>
>              if you have not registered up to now and you intend to come to
>the
>              WSIA/WSRP F2F Meeting in Germany (September 9th-12th), please
>reply to this
>              e-mail today (August 23rd).
>              Please indicate if you will attend all 4 days or only parts of
>the meeting.
>              Attached you can find a list of persons that registered so
>far.
>Please send
>              me a mail if you registered and cannot find you name in the
>list.
>
>              You can find the agenda and information about the meeting
>location/hotels
>              at http://oasis-open.org/committees/wsrp/meetings/index.shtml.
>
>              Regards,
>
>              Lothar
>
>              (See attached file: 3rdF2FReg.htm)
>              ----- Forwarded by Lothar Merk/Germany/IBM on 23.08.2002 08:30
>-----
>
>Lothar Merk
>To:       wsrp@lists.oasis-open.org, wsia@lists.oasis-open.org
>19.08.2002 08:32         cc:
>From:     Lothar Merk/Germany/IBM@IBMDE
>Subject:  F2F Meeting - Registration - 2nd Reminder
>Hi All,
>
>              Please reply to this e-mail until end of this week (August
>23rd)
>to
>              register for the WSIA/WSRP F2F Meeting in Germany (September
>9th-12th).
>              Please indicate if you will attend all 4 days or only parts of
>the meeting.
>
>              You can find the preliminary agenda and information about the
>meeting
>              location/hotels at
>              http://oasis-open.org/committees/wsrp/meetings/index.shtml.
>
>              Regards,
>
>              Lothar
>
>
>
>----------------------------------------------------------------
>To subscribe or unsubscribe from this elist use the subscription
>manager: <http://lists.oasis-open.org/ob/adm.pl>
>
>
>
>
>----------------------------------------------------------------
>To subscribe or unsubscribe from this elist use the subscription
>manager: <http://lists.oasis-open.org/ob/adm.pl>


--
Rex Brooks
Starbourne Communications Design
1361-A Addison, Berkeley, CA 94702 *510-849-2309
http://www.starbourne.com * rexb@starbourne.com