OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wsrp-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Public Comment

Comment from: richard.perks@bea.com

Name: Richard Perks
Title: Principal Consultant
Organization: BEA Systems
Regarding Specification: WSRP 2.0

In a WSRP architecture involving producers from different vendors, how is security performed?

The 1.0 specification does not account for security and we (BEA) have our own SAML implementation for propagating a users identity to the producer.  For a heterogeneous producer architecture, what are the options?  I can't see we have one in v1.0.

For 2.0, the specification also seems vague.  It defers to using other web service standards but doesn't really mandate anything as far as I can tell.  We could assume everyone would adopt WS-Security, but will this be consistent across vendors?  If the specification does not mandate the specific rules for WS-Security (token type, auth method etc) then this will lead to an interoperability issue.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]