OASIS Mailing List Archives

xcbf message


Subject: [xcbf] XCBF Web Services Security Token


Dear XCBFers,

Attached is a first draft to define a web services security token for XCBF
biometric information. Please review and comment. The editors are also
taking another hard look at the work this weekend before submitting the
draft for consideration to the OASIS WSS TC.

The proposed XCBF security token has been designed to support both
XCBF and X9.84 biometric security messages based on our common
ASN.1 schema. This gives us the ability to gain some advantages from
the compression achieved with binary encodings.

But like the binary X.509 certificates in XCBF and other XML based
standards, these values must be Base64 armored for transfer within SOAP
messages. Still, with the sorts of web services I can imagine for XCBF, this
format of token content may still be useful.

It will be possible for a SOAP message recipient to process the Base64
XCBF security token content and send the binary XCBF message on its
last network hop to a wireless, mobile or remote, or high volume transaction
system in an efficient, compact binary format. This binary format can be
easily converted to XML markup and for local use by an application.

There is much more to do to actually achieve web services for biometrics.
I have already started to work on a service description for on line user
authentication. This would be a send-sample, match-against-template,
return true-false sort of transaction system.

But there also would be some benefit for creation of a biometric web service
for data management - archiving biometric templates of access control
activities involving biometrics, distribution of template from a central
database to get them closer to the user, remote auditing of biometric systems
to see that they conform to standards, and other request and response
applications. These service descriptions have yet to be written.

At the other end of possibilities, we still need to figure out how to add a
biometric capability to augment or replace user ID and password usage in the
web services core specification. The goal here should be to enable use of XCBF
for single sign-on authentication.

Lots still to do. But I think that the attached is a good start.

(Monica, this is an update of the copy I sent back to you yesterday).

Phil Griffin

Attachment: WSS-XCBF-20021123.zip
Description: Zip compressed data


