wsrp message
Subject: Re: [wsrp] draft security profile questions
- From: Rich Thompson <richt2@us.ibm.com>
- To: wsrp@lists.oasis-open.org
- Date: Thu, 13 Oct 2005 09:45:19 -0400
To Subbu's specific question: yes, WS-SecureConversation would be an example of such security technology.

I also received some feedback from internal security folks that these questions were too broad to get meaningful feedback, but rather would just embroil the TC in the general question about identifying the particular security profile to use for communication between a particular pair of parties. That discussion is already happening elsewhere and I don't think any of us want to interject ourselves into that debate. Here is a second draft attempting to provide more clarity to the questions and gather the information the TC wanted without becoming embroiled in the general debate.

----------------------- draft starts below --------------------

Considering the number of customer requests for interoperable security profiles and the lack of a standardized policy framework for negotiating a security profile to use for WSRP-related messages, the WSRP TC is seeking input about whether simple interim, interoperable profiles could be defined for the use case of multiple vendors' implementations being deployed within a single security domain in the mid-2006 timeframe.

1. The WSRP use case involves an intermediary (the WSRP Consumer) acting on behalf of an End-User when interacting with the web service provider (the WSRP Producer). As a result, there is an interest in transferring the identities of both the WSRP Consumer and the End-User to the WSRP Producer. This results in several questions:

   1.a. Do you support the receipt of multiple identities on a SOAP message which can be separately queried by the provider application?

   1.b. What WS-Security tokens will be supported for transferring identities?

   1.c. Will a mixture of WS-Security tokens and transport-level identity transfer be supported?

   1.d. Any restrictions on how multiple identities can be attached to a particular SOAP message?

2. What security granularity is expected when transferring an identity (for example, portals often have a concept of user role that relates to the End-User's current use of the portal rather than their identity ... is the transfer of such attributes supported)?

3. Is support for maintaining security contexts for multiple web service requests anticipated? If so, using what security technology?

4. Is automated configuration of all endpoints supported? If so, how are any particular inputs to the process indicated, supported, standardized and maintained?

Rich Thompson
OASIS WSRP TC Chair

Subbu Allamaraju <subbu@bea.com>
10/12/05 11:58 AM
To: wsrp@lists.oasis-open.org
Subject: Re: [wsrp] draft security profile questions

On question (5) below, are you referring to something like WS-SecureConversation?

Subbu
Rich Thompson wrote:
>
> Please provide feedback on the questions we want to use for contacting
> our various security teams about the possibility of building one or two
> simple security profiles for use while waiting for standardized policy
> frameworks to emerge. Hopefully we can agree on a short set of questions
> over the next week such that the gathering of input can begin shortly
> after that.
>
> ----------------------- draft starts below --------------------
>
> Considering the number of customer requests for interoperable security
> profiles and the lack of a standardized policy framework for negotiating
> a security profile to use for WSRP-related messages, the WSRP TC is
> seeking input about whether simple interoperable profiles could be
> defined. In particular, which of the following items is expected to be
> supported in the mid-2006 timeframe:
>
> 1. Transferring a Consumer identity via SSL/TLS, an End-User identity
>    via a WS-Security token and exposing both to applications.
> 2. Transferring a Consumer identity via a digital signature, an
>    End-User identity via a WS-Security token and exposing both to
>    applications.
> 3. Which WS-Security tokens do you expect to be supporting?
> 4. If SAML is supported, what user attributes will be supported?
> 5. Is support for maintaining security contexts for multiple web
>    service requests anticipated? If so, using what technology?
> 6. Is automated configuration supported? If so, are any particular
>    inputs to the process required?
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. You may a link to this group and all your TCs in
> OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php