Subject: [wsrp] NetUnity's answers to Security Questions
Considering the number of customer requests for interoperable security profiles and the lack of a standardized policy framework for negotiating a security profile to use for WSRP-related messages, the WSRP TC is seeking input about whether simple interim, interoperable profiles could be defined for the use case of multiple vendors' implementations being deployed within a single security domain in the mid-2006 timeframe.

1. The WSRP use case involves an intermediary (the WSRP Consumer) acting on behalf of an End-User when interacting with the web service provider (the WSRP Producer). As a result, there is an interest in transferring the identities of both the WSRP Consumer and the End-User to the WSRP Producer. This results in several questions:

1.a. Do you support the receipt of multiple identities (Consumer and End-User) on a SOAP message which can be separately queried by the provider application? Do you support sending multiple identities?

<mike> No support for sending multiple identities. Support for receiving multiple identities. </mike>

1.b. What WS-Security tokens will be supported for transferring identities (e.g. UserName, SAML, Kerberos, Digital Signature, etc)?

<mike> UserName, UserName/Password; others can be supported on the producer side via SOAP plugins/filters. </mike>

1.c. Would transferring the End-User identity via a WS-Security token and the Consumer identity via transport-level security be supported?

<mike> Yes, on the producer side. </mike>

1.d. Any restrictions on how multiple identities can be attached to a particular SOAP message?

<mike> Limited to 1 on the consumer side, but no limitations on the producer side in receiving multiple identities and processing them via SOAP plugins/filters. </mike>

2. What security granularity is expected when transferring an identity (for example, portals often have a concept of user role that relates to the End-User's current use of the portal rather than their identity ... is the transfer of such attributes supported (e.g. via SAML attributes))?

<mike> Not supported on consumer side; Producer may process attributes by SOAP plugins/filter. </mike>

3. Is support for maintaining security contexts for multiple web service requests anticipated? If so, using what security technology (e.g. WS-SecureConversation)?

<mike> Not at this time. </mike>

4. Is automated configuration of all endpoints supported? If so, how are any particular inputs to the process indicated, supported, standardized and maintained?

<mike> Not at this time. </mike>