Minutes from 4/10 WSRP Security Subgroup Telecon

 

Attendees:

Mark Cassidy, Jeff Broberg, Thomas Schaeck, Yossi Tamari, Alejandro Abdelnur, Bill Cox, Bob Serr, Adam Nolan, Mike Freedman, Rich Thompson, Carsten Leue

Agenda:

1.  Feedback around proposed focal points for this group:

      - portal identity, trust relationship between portal and portlet

      - end user identity, profile, and credentials

      - secure transmission of data

 

No significant issues raised on the above points.  BobS raised the question of whether we should include access control functionality as part of WSRP scope.  For example, if a portlet implements differentiated levels of access based on some user attributes, does the portal need to enforce these?  Consensus from this discussion was that it shouldn't be required that the portal enforce access control on behalf of portlets, but it may make sense to provide a mechanism for the portal to pass assertions about the user to the portlet so it may apply its own access control logic to the request.  This will be captured under the 'end user identity'-related requirements.

 

BobS also asserted that, as a general philosophy, as little as possible should be communicated between portal and portlet about the end user.  Yossi: the portlet should define the end user data it requires as part of its metadata.  MikeF: there should be good defaults for this.  RichT: the portal is where any user privacy preferences (à la P3P) need to be enforced.

 

MikeF brought up the issue of replay attacks and the need to support safeguard mechanisms.  Thomas raised the point that secure transport provides some protection here, and that we should consider constraining our focus to SSL.  Rich argued that XML Encryption is also an important element in prevention of replay attacks, and that we shouldn't drop it as a solution that should be possible with WSRP.  Carsten raised the point that SSL interoperability across J2EE/.NET/… platforms is good, and SSL can be declared in UDDI, while there are concerns about interoperability of XML document encryption mechanisms.
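The minutes do not say what replay safeguard mechanism the group has in mind.  The following is an added example, not WSRP protocol text or any participant's code, showing one message-layer safeguard that works independently of the transport: each portal-to-portlet request carries a fresh nonce and a timestamp under an HMAC, and the receiving side rejects requests whose MAC does not verify, whose timestamp falls outside an acceptance window, or whose nonce it has already seen.  The shared key, the ReplayGuard class, the getMarkup-style request bodies and the 300-second window are illustrative assumptions; a deployment following the standards listed below would carry the same fields inside an XML Signature rather than a bare HMAC.

```python
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional, Tuple

# Constructed shared secret for this example only; the portal and portlet would
# establish real key material (or certificates for XML Signature) out of band.
SHARED_KEY = b"example-shared-secret-not-for-production"


def canonical(body: dict, nonce: str, ts: int) -> bytes:
    """Serialise the protected fields in a fixed order so sender and receiver MAC identical bytes."""
    return json.dumps({"body": body, "nonce": nonce, "ts": ts},
                      sort_keys=True, separators=(",", ":")).encode()


def sign_envelope(key: bytes, body: dict,
                  nonce: Optional[str] = None, ts: Optional[int] = None) -> dict:
    """Sender side: wrap a request body with a fresh nonce, a timestamp and an HMAC over all three."""
    nonce = nonce or secrets.token_hex(16)
    ts = ts if ts is not None else int(time.time())
    mac = hmac.new(key, canonical(body, nonce, ts), hashlib.sha256).hexdigest()
    return {"body": body, "nonce": nonce, "ts": ts, "mac": mac}


class ReplayGuard:
    """Receiver side: accept a request only if its MAC verifies, its timestamp is
    within the window, and its nonce has not been presented before."""

    def __init__(self, key: bytes, window_seconds: int = 300):
        self.key = key
        self.window = window_seconds
        self.seen: Dict[str, int] = {}  # nonce -> timestamp; entries older than the window are dropped

    def _prune(self, now: int) -> None:
        # Safe to forget old nonces: a replay with such a timestamp is rejected as stale first.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}

    def accept(self, env: dict, now: Optional[int] = None) -> Tuple[bool, str]:
        now = now if now is not None else int(time.time())
        try:
            expected = hmac.new(self.key, canonical(env["body"], env["nonce"], env["ts"]),
                                hashlib.sha256).hexdigest()
            presented = env["mac"]
        except (KeyError, TypeError):
            return False, "malformed"
        if not hmac.compare_digest(expected, presented):
            return False, "bad-mac"          # tampered body, nonce or timestamp
        if abs(now - env["ts"]) > self.window:
            return False, "stale"            # outside the acceptance window
        self._prune(now)
        if env["nonce"] in self.seen:
            return False, "replay"           # same nonce presented twice inside the window
        self.seen[env["nonce"]] = env["ts"]
        return True, "ok"


def demo() -> list:
    """Walk through a legitimate request, its replay, a tampered copy and a stale request."""
    guard = ReplayGuard(SHARED_KEY, window_seconds=300)
    request = sign_envelope(SHARED_KEY, {"op": "getMarkup", "user": "alice"}, nonce="n1", ts=1000)
    verdicts = [guard.accept(request, now=1010)]      # first presentation: ok
    verdicts.append(guard.accept(request, now=1020))  # identical envelope again: replay
    tampered = dict(request, body={"op": "getMarkup", "user": "bob"})
    verdicts.append(guard.accept(tampered, now=1020))  # body changed, MAC no longer matches
    old = sign_envelope(SHARED_KEY, {"op": "getMarkup", "user": "alice"}, nonce="n2", ts=100)
    verdicts.append(guard.accept(old, now=1020))       # outside the 300-second window
    return verdicts


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The nonce cache is per receiver, so a portlet served by several load-balanced instances would need a shared store for it; the timestamp window bounds how long that store has to remember nonces.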

 

2.  Related standards efforts:  we walked through the standards efforts outlined in the WSIA Embedded document and identified the most relevant to focus on in the WSRP context.  Highest priority is to focus on the following as relevant to WSRP:

      - XML Signature (W3C/IETF)

      - XML Encryption (W3C)

      - SAML (OASIS)

 

The specs in these areas need to be analyzed for use with WSRP as a means to address requirements in each of the focus areas of this working group.  BobS pointed out that use of any of these mechanisms should not be required of portlets; they should be optional.  Thomas further emphasized this with the point that implementing digital signatures for end users can be quite complex, requiring an end-user client mechanism such as a smart card or other technique.

 

3.  Trust relationship flow:  Thomas walked through a conceptual flow for establishing and revoking trust between portal and portlet.  Discussion around the initial step of setting up the business relationship with the service provider.  Metadata may describe that a credential is required, which would likely be obtained by the portal outside of WSRP prior to the initial service bind.  MikeF raised the question of whether there is a scenario where the credential would be delivered programmatically to the portal at bind time.  Conclusion was that the WSRP protocol should deal with returning a bind ID (in effect for the life of the trust relationship).  A trust relationship isn't required between portal and portlet, but when one is needed, the portal would obtain its credential outside of WSRP.

 

It was also noted that passing credentials in conjunction with a service request subsequent to the initial service bind does not need to involve the WSRP protocol.  For example, a client certificate used to obtain a secure transport connection between portal and portlet would be passed outside of the WSRP protocol.

4.  User identity scenarios:  Walkthrough of Yossi’s user identity scenarios was rescheduled for the next telecon due to time constraints.

Other:  MikeF asked whether this group was also a catch-all for other issues such as caching, etc.  MarkC thought not; others thought we have plenty to do on security issues without adding other topics.  Will raise this question in the next all-WSRP telecon.