

Subject: RE: [wsia] [wsia-wsrp] 8/27/2002: Upcoming WS-Security OASIS TC Meeting


Roles and user identity are really distinct concepts.  Roles provide a way
of grouping principals (users/groups) with similar attributes into a class
that can be used for defining access control policies.  A given user's
identity does not need to be known to a particular application for
role-based access control to be used by that application.  

User identity mapping is useful for distributed systems that don't share a
common identifier for a user.  A common WSRP use case is one where a
Producer provisions user accounts in some back end application for each
end-user.  These user accounts may not be based on the identity the user
authenticates with at the Consumer.  In this case, a mapping is needed
between the Consumer's authenticated identity and the back end application's
identity for the user. 

WS-Security had no notion of identity mapping, at least in the original spec
draft.  I haven't looked at the recent addendum.
  
-----Original Message-----
From: Carsten Leue [mailto:CLEUE@de.ibm.com]
Sent: Wednesday, August 28, 2002 12:36 AM
To: Monica Martin
Cc: Monica Martin; wsia@lists.oasis-open.org; wsrp@lists.oasis-open.org
Subject: Re: [wsia] [wsia-wsrp] 8/27/2002: Upcoming WS-Security OASIS TC
Meeting



Hi Monica.

Great that you are attending the meeting, that will give us the opportunity
to fix some outstanding questions. My current questions/concerns are:

- will our role concept become obsolete in the near future? Will there be
WS standards that handle role transfer/mapping directly inside the SOAP
stack?
- is what we define a "role" really a role from a security standpoint or
rather a delegated user identity? Maybe the correct approach would be to
let WS security send a couple of user identities rather than inventing our
own role concept. Is this possible in WS-Security? Would it be the correct
approach?
- does WS-Security define user identity mapping? If not how is the transfer
of user identity supposed to work? Will there be an upcoming standard? Is
the user identity programmatically accessible? When will that be
incorporated in standard SOAP stacks (AXIS, .NET)?

- the basic question is: should we define security directly in our protocol
at all or will WS-security and forthcoming standards handle this problem.

Best regards
Carsten Leue

-------
Dr. Carsten Leue
Dept.8288, IBM Laboratory Böblingen , Germany
Tel.: +49-7031-16-4603, Fax: +49-7031-16-4401



From:     Monica Martin <mmartin@certivo.net>
Sent:     08/27/2002 07:38 PM
To:       wsrp@lists.oasis-open.org, wsia@lists.oasis-open.org
cc:       Monica Martin <mmartin@certivo.net>
Subject:  [wsia] [wsia-wsrp] 8/27/2002: Upcoming WS-Security OASIS TC Meeting



I hope to be attending the upcoming WS-Security opening TC next week
from 4-5 September 2002 in Redwood City. As this related standards
development complements or affects our work, I am asking if you have
general questions or inputs?  I could be more focused in providing any
feedback for the benefit of the WSRP-WSIA efforts.

Thank you.
Monica J. Martin
Drake Certivo, Inc.
208.585.5946

             -----Original Message-----
             From: Lothar Merk
             Sent: Fri 8/23/2002 12:51 AM
             To: wsrp@lists.oasis-open.org; wsia@lists.oasis-open.org
             Cc:
             Subject: [wsia] WSIA/WSRP F2F Meeting - Registration - Final Reminder



             Hello,

             if you have not registered up to now and you intend to come to the
             WSIA/WSRP F2F Meeting in Germany (September 9th-12th), please reply to this
             e-mail today (August 23rd).
             Please indicate if you will attend all 4 days or only parts of the meeting.
             Attached you can find a list of persons that registered so far. Please send
             me a mail if you registered and cannot find your name in the list.

             You can find the agenda and information about the meeting location/hotels
             at http://oasis-open.org/committees/wsrp/meetings/index.shtml.

             Regards,

             Lothar

             (See attached file: 3rdF2FReg.htm)
             ----- Forwarded by Lothar Merk/Germany/IBM on 23.08.2002 08:30 -----

             From:     Lothar Merk/Germany/IBM@IBMDE
             Sent:     19.08.2002 08:32
             To:       wsrp@lists.oasis-open.org, wsia@lists.oasis-open.org
             cc:
             Subject:  F2F Meeting - Registration - 2nd Reminder

             Hi All,

             Please reply to this e-mail until end of this week (August 23rd) to
             register for the WSIA/WSRP F2F Meeting in Germany (September 9th-12th).
             Please indicate if you will attend all 4 days or only parts of the meeting.

             You can find the preliminary agenda and information about the meeting
             location/hotels at
             http://oasis-open.org/committees/wsrp/meetings/index.shtml.

             Regards,

             Lothar



----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>
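
The distinction drawn in the first reply of this thread, role-based access control that needs no user identity versus mapping a Consumer-authenticated identity to a back end account, shown as an added example that is not part of the original messages. Every name in it (`POLICY`, `authorize`, `IdentityMapper`, the role and Consumer labels) is hypothetical and is not a WSRP or WS-Security API; keying the mapping on the Consumer as well as the user name is an assumption of this sketch.

```python
# Added illustration; hypothetical names, not WSRP or WS-Security APIs.
from dataclasses import dataclass, field

# Role -> permitted actions. Access decisions need only the asserted roles.
POLICY = {
    "viewer": {"view"},
    "editor": {"view", "edit"},
}


def authorize(roles, action):
    """Role-based check: no user identity is consulted. Unknown roles grant nothing."""
    return any(action in POLICY.get(role, set()) for role in roles)


@dataclass
class IdentityMapper:
    """Producer-side map from a Consumer's authenticated identity to a back end account."""
    accounts: dict = field(default_factory=dict)

    def backend_account(self, consumer_id, consumer_user, provision=False):
        # Assumption: key on (Consumer, user) so the same user name at two
        # Consumers never resolves to the same back end account.
        key = (consumer_id, consumer_user)
        if key not in self.accounts:
            if not provision:
                # Fail closed: an unmapped identity gets no account.
                raise KeyError(f"no back end account mapped for {key}")
            self.accounts[key] = f"acct-{len(self.accounts) + 1:04d}"
        return self.accounts[key]


def demo():
    """Constructed sample run covering both concepts."""
    mapper = IdentityMapper()
    a = mapper.backend_account("consumer-A", "alice", provision=True)
    b = mapper.backend_account("consumer-B", "alice", provision=True)
    again = mapper.backend_account("consumer-A", "alice")
    return {
        "editor_role_can_edit": authorize(["editor"], "edit"),
        "viewer_role_can_edit": authorize(["viewer"], "edit"),
        "stable_mapping": a == again,
        "consumers_isolated": a != b,
    }
```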



