wsrp message
Subject: [wsrp] updated draft security profile questions
- From: Rich Thompson <richt2@us.ibm.com>
- To: wsrp@lists.oasis-open.org
- Date: Thu, 1 Dec 2005 14:31:56 -0500
Based on the feedback to date, here is a clarified set of questions. The consensus on today's Interfaces
SC call was to give people a week to potentially suggest additional refinements
and then request answers from each vendor's security teams.
----------------------- draft starts below --------------------
Considering the number of customer requests for interoperable security
profiles and the lack of a standardized policy framework for negotiating
a security profile to use for WSRP-related messages, the WSRP TC is seeking
input about whether simple interim, interoperable profiles could be defined
for the use case of multiple vendors' implementations being deployed within
a single security domain in the mid-2006 timeframe.
1. The WSRP use case involves an intermediary (the WSRP Consumer) acting
on behalf of an End-User when interacting with the web service provider
(the WSRP Producer). As a result, there is an interest in transferring
the identities of both the WSRP Consumer and the End-User to the WSRP Producer.
This results in several questions:
1.a. Do you support the receipt of multiple identities (Consumer and End-User)
on a SOAP message which can be separately queried by the provider application?
Do you support sending multiple identities?
1.b. What WS-Security tokens will be supported for transferring identities
(e.g. UserName, SAML, Kerberos, Digital Signature, etc.)?
1.c. Would transferring the End-User identity via a WS-Security token
and the Consumer identity via transport-level security be supported?
1.d. Any restrictions on how multiple identities can be attached to a
particular SOAP message?
2. What security granularity is expected when transferring an identity
(for example, portals often have a concept of user role that relates to
the End-User's current use of the portal rather than their identity ...
is the transfer of such attributes supported (e.g. via SAML attributes))?
3. Is support for maintaining security contexts for multiple web service
requests anticipated? If so, using what security technology (e.g. WS-SecureConversation)?
4. Is automated configuration of all endpoints supported? If so, how are
any particular inputs to the process indicated, supported, standardized
and maintained?
Rich Thompson
OASIS WSRP TC Chair