OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wsrp-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [wsrp-comment] Public Comment

Agreed,

we plan to have a security technote addressing this issues.
The purpose of this technote will be to address the security use cases we
identified already and to try to give guidance how the various security
standards can be used in conjunction with WSRP.

Mit freundlichen Gruessen / best regards,

        Richard Jacob
______________________________________________________
IBM Lab Boeblingen, Germany
Dept.8288, WebSphere Portal Server Development
WSRP Team Lead & Technical Lead
WSRP Standardization
Phone: ++49 7031 16-3469  -  Fax: ++49 7031 16-4888
Email: mailto:richard.jacob@de.ibm.com


                                                                           
             comment-form@oasi                                             
             s-open.org                                                    
                                                                        To 
             07/05/2005 06:24          wsrp-comment@lists.oasis-open.org   
             PM                                                         cc 
                                                                           
                                                                   Subject 
             Please respond to         [wsrp-comment] Public Comment       
               richard.perks                                               
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           




Comment from: richard.perks@bea.com

Name: Richard Perks
Title: Principal Consultant
Organization: BEA Systems
Regarding Specification: WSRP 2.0

In a WSRP architecture involving producers from different vendors, how is
security performed?

The 1.0 specification does not account for security and we (BEA) have our
own SAML implementation for propagating a users identity to the producer.
For a heterogeneous producer architecture, what are the options?  I can't
see we have one in v1.0.

For 2.0, the specification also seems vague.  It defers to using other web
service standards but doesn't really mandate anything as far as I can tell.
We could assume everyone would adopt WS-Security, but will this be
consistent across vendors?  If the specification does not mandate the
specific rules for WS-Security (token type, auth method etc) then this will
lead to an interoperability issue.

---------------------------------------------------------------------
To unsubscribe, e-mail: wsrp-comment-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: wsrp-comment-help@lists.oasis-open.org

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]