OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wsrp message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [wsrp] Groups - F2F200411-security.ppt uploaded


Title: RE: [wsrp] Groups - F2F200411-security.ppt uploaded

Sorry I did not manage to call in after (your) Lunch for the security presentation.

If we are to work actively with other OASIS TCs (which is a very good proposal) then we need to get our use cases very clear. I would say that non-repudiation (slide 1 item 5) is outside the scope of 2.0. Instead, I would explicitly add (6) transfer credential for back-end / legacy application login and (7) ability to assert user roles to the slide 1 summary of our security requirements.

It strikes me that the issues on slide 6 and 8 can be addressed by use of the SAML security framework and that a link to both the Web Service Security (WSS) TC and the Security Services (SAML) TC are therefore needed.

Indeed, I would partition our needs (from the use cases) as follows:

- WSS for transmitting tokens (and optionally signing & encrypting mechanics)
- SAML for all assertions

This would also lessen the need to invent/depend on new WSS extensions.

Regards,
Andre

-----Original Message-----
From: richard.jacob@de.ibm.com [mailto:richard.jacob@de.ibm.com]
Sent: 10 November 2004 14:09
To: wsrp@lists.oasis-open.org
Subject: [wsrp] Groups - F2F200411-security.ppt uploaded

The document F2F200411-security.ppt has been submitted by Richard Jacob (richard.jacob@de.ibm.com) to the OASIS Web Services for Remote Portlets (WSRP) TC document repository.

Document Description:


Download Document: 
http://www.oasis-open.org/apps/org/workgroup/wsrp/download.php/9993/F2F200411-security.ppt

View Document Details:
http://www.oasis-open.org/apps/org/workgroup/wsrp/document.php?document_id=9993


PLEASE NOTE:  If the above links do not work for you, your email application
may be breaking the link into two pieces.  You may be able to copy and paste
the entire link address into the address field of your web browser.



To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/wsrp/members/leave_workgroup.php.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]