[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xcbf] XCBF Web Services Security Token
Dear XCBFers, Attached is a first draft to define a web services security token for XCBF biometric information. Please review and comment. The editors are also taking another hard look at the work this weekend before submitting the draft for consideration to the OASIS WSS TC. The proposed XCBF security token has been designed to support both XCBF and X9.84 biometric security messages based on our common ASN.1 schema. This gives us the ability to gain some advantages from the compression achieved with binary encodings. But like the binary X.509 certificates in XCBF and other XML based standards, these values must be Base64 armored for transfer within SOAP messages. Still, with the sorts of web services I can imagine for XCBF, this format of token content may still be useful. It will be possible for a SOAP message recipient to process the Base64 XCBF security token content and send the binary XCBF message on its last network hop to a wireless, mobile or remote, or high volume transaction system in an efficient, compact binary format. This binary format can be easily converted to XML markup and for local use by an application. There is much more to do to actually achieve web services for biometrics. I have already started to work on a service description for on line user authentication. This would be a send-sample, match-against-template, return true-false sort of transaction system. But there also would be some benefit for creation of a biometric web service for data management - archiving biometric templates of access control activities involving biometrics, distribution of template from a central database to get them closer to the user, remote auditing of biometric systems to see that they conform to standards, and other request and response applications. These service descriptions have yet to be written. At the other end of possibilities, we still need to figure out how to add a biometric capbility to augment or replace user ID and password usage in the web services core specification. The goal here should be to enable use of XCBF for single sign-on authentication. Lots still to do. But I think that the attached is a good start. (Monica, this is an update of the copy I sent back to you yesterday). Phil Griffin
Attachment:
WSS-XCBF-20021123.zip
Description: Zip compressed data
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC