
Subject: Re: [wsrp] RE: [wsia] [wsia-wsrp] 8/27/2002: Upcoming WS-Security OASIS TC Meeting



Yes and yes, I agree with Mark.

I've also found out what Mark mentions in his last sentence, that 
WS-Security does not have the notion of identity mapping in its current 
draft.

In a previous conf call we've said that we would be removing userID from 
the protocol because WS-Security would provide that mapping.
As it turned out, things are different; we may need to rediscuss this.

Alejandro

Cassidy, Mark wrote:
> Roles and user identity are really distinct concepts.  Roles provide a way
> of grouping principals(users/groups) with similar attributes into a class
> that can be used for defining access control policies.  A given user's
> identity does not need to be known to a particular application for
> role-based access control to be used by that application.  
> 
> User identity mapping is useful for distributed systems that don't share a
> common identifier for a user.  A common WSRP use case is one where a
> Producer provisions user accounts in some back end application for each
> end-user.  These user accounts may not be based on the identity the user
> authenticates with at the Consumer.  In this case, a mapping is needed
> between the Consumer's authenticated identity and the back end application's
> identity for the user. 
> 
> WS-Security had no notion of identity mapping, at least in the original spec
> draft.  I haven't looked at the recent addendum.
>   
> -----Original Message-----
> From: Carsten Leue [mailto:CLEUE@de.ibm.com]
> Sent: Wednesday, August 28, 2002 12:36 AM
> To: Monica Martin
> Cc: Monica Martin; wsia@lists.oasis-open.org; wsrp@lists.oasis-open.org
> Subject: Re: [wsia] [wsia-wsrp] 8/27/2002: Upcoming WS-Security OASIS TC Meeting
> 
> 
> 
> Hi Monica.
> 
> Great that you are attending the meeting, that will give us the opportunity
> to fix some outstanding questions. My current questions/concerns are:
> 
> - will our role concept become obsolete in the near future? Will there be
> WS standards that handle role transfer/mapping directly inside the SOAP
> stack?
> - is what we define a "role" really a role from a security standpoint or
> rather a delegated user identity? Maybe the correct approach would be to
> let WS security send a couple of user identities rather than inventing our
> own role concept. Is this possible in WS-Security? Would it be the correct
> approach?
> - does WS-Security define user identity mapping? If not how is the transfer
> of user identity supposed to work? Will there be an upcoming standard? Is
> the user identity programmatically accessible? When will that be
> incorporated in standard SOAP stacks (AXIS, .NET)?
> 
> - the basic question is: should we define security directly in our protocol
> at all or will WS-security and forthcoming standards handle this problem?
> 
> Best regards
> Carsten Leue
> 
> -------
> Dr. Carsten Leue
> Dept.8288, IBM Laboratory Böblingen , Germany
> Tel.: +49-7031-16-4603, Fax: +49-7031-16-4401
> 
> 
> 
> Monica Martin <mmartin@certivo.net>
> 08/27/2002 07:38 PM
> 
> To:       wsrp@lists.oasis-open.org, wsia@lists.oasis-open.org
> cc:       Monica Martin <mmartin@certivo.net>
> Subject:  [wsia] [wsia-wsrp] 8/27/2002: Upcoming WS-Security OASIS TC Meeting
> 
> 
> 
> I hope to be attending the upcoming WS-Security opening TC next week
> from 4-5 September 2002 in Redwood City. As this related standards
> development complements or affects our work, I am asking if you have
> general questions or inputs?  I could be more focused in providing any
> feedback for the benefit of the WSRP-WSIA efforts.
> 
> Thank you.
> Monica J. Martin
> Drake Certivo, Inc.
> 208.585.5946
> 
>              -----Original Message-----
>              From: Lothar Merk
>              Sent: Fri 8/23/2002 12:51 AM
>              To: wsrp@lists.oasis-open.org; wsia@lists.oasis-open.org
>              Cc:
>              Subject: [wsia] WSIA/WSRP F2F Meeting - Registration - Final Reminder
> 
>              Hello,
> 
>              if you have not registered up to now and you intend to come to the
>              WSIA/WSRP F2F Meeting in Germany (September 9th-12th), please reply to this
>              e-mail today (August 23rd).
>              Please indicate if you will attend all 4 days or only parts of the meeting.
>              Attached you can find a list of persons that registered so far. Please send
>              me a mail if you registered and cannot find your name in the list.
> 
>              You can find the agenda and information about the meeting location/hotels
>              at http://oasis-open.org/committees/wsrp/meetings/index.shtml.
> 
>              Regards,
> 
>              Lothar
> 
>              (See attached file: 3rdF2FReg.htm)
>              ----- Forwarded by Lothar Merk/Germany/IBM on 23.08.2002 08:30 -----
> 
>              Lothar Merk
>              19.08.2002 08:32
>              To:       wsrp@lists.oasis-open.org, wsia@lists.oasis-open.org
>              cc:
>              From:     Lothar Merk/Germany/IBM@IBMDE
>              Subject:  F2F Meeting - Registration - 2nd Reminder
> 
>              Hi All,
> 
>              Please reply to this e-mail until end of this week (August 23rd) to
>              register for the WSIA/WSRP F2F Meeting in Germany (September 9th-12th).
>              Please indicate if you will attend all 4 days or only parts of the meeting.
> 
>              You can find the preliminary agenda and information about the meeting
>              location/hotels at
>              http://oasis-open.org/committees/wsrp/meetings/index.shtml.
> 
>              Regards,
> 
>              Lothar
> 
> 
> 
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>



