wsrp-interfaces message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [wsrp-interfaces] Groups - SecurityQuestions.xls uploaded
- From: Rich Thompson <richt2@us.ibm.com>
- To: wsrp-interfaces@lists.oasis-open.org
- Date: Thu, 2 Mar 2006 14:33:59 -0500
I agreed to provide a summarizing email
proposing how we move forward after the initial discussion on this issue
on the Interfaces SC call.
The base level goal is to define an
interoperable means for propagating the user's identity to the Producer.
Other possible goals (e.g. Consumer identity, metadata about supported/required
protocols/tokens/algorithms, etc) haven't achieved either as broad a consensus
on their need or feasibility to address on this first pass. I would encourage
those with a definitive proposal regarding such goals to start an email
thread around their goal and proposal once the discussion around this base
one draws toward a conclusion.
The clear thing from the answers we
received is that the UserName token is broadly supported. At the minimum,
we can encourage it to be the default means for transferring the user's
identity. Therefore, I propose adding the following to the first paragraph
of 11.2:
As the UserName token, defined by WS-Security,
appears to have the broadest implementation support, it is RECOMMENDED
that Consumers use the UserName token to transfer the user's identity to
the Producer unless either policy prevents the Consumer from making such
a transfer or a different means has been mutually configured for transferring
the user's identity to the Producer.
Comments?
Rich
Rich Thompson/Watson/IBM@IBMUS
02/22/06 11:54 AM
|
To
| wsrp-interfaces@lists.oasis-open.org
|
cc
|
|
Subject
| Re: [wsrp-interfaces] Groups - SecurityQuestions.xls
uploaded |
|
Here is the promised spreadsheet summarizing the answers received. At a
high level, there appear to be two ways to transfer multiple IDs which
multiple companies support:
1. User ID via WSS token; Consumer ID via SSL/TLS
2. User ID via WSS token; Consumer ID via digital signature
Also, # companies supporting a particular WSS token (out of 6 answers received):
6 - UserName
4 - SAML (did everyone mean the explicit "sendvouches" Mike referred
to?)
3 - Digital Signature
2 - UserName/PW
1 - Liberty
Hopefully this provides a little fodder for thought ahead of the Interfaces
SC call to discuss next steps.
Rich
Rich Thompson/Watson/IBM@IBMUS
02/22/06 11:40 AM
|
To
| wsrp-interfaces@lists.oasis-open.org
|
cc
|
|
Subject
| [wsrp-interfaces] Groups - SecurityQuestions.xls
uploaded |
|
The document named SecurityQuestions.xls has been submitted by Rich
Thompson to the WSRP Interfaces SC document repository.
Document Description:
Summaries extracted from answers to security questions.
View Document Details:
http://www.oasis-open.org/apps/org/workgroup/wsrp-interfaces/document.php?document_id=16838
Download Document:
http://www.oasis-open.org/apps/org/workgroup/wsrp-interfaces/download.php/16838/SecurityQuestions.xls
PLEASE NOTE: If the above links do not work for you, your email application
may be breaking the link into two pieces. You may be able to copy
and paste
the entire link address into the address field of your web browser.
-OASIS Open Administration
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]