[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [wsrp] RE: [wsia] [wsia-wsrp] 8/27/2002: Upcoming WS-Security OASIS TCM eeting
Roles and user identity are really distinct concepts. Roles provide a way of grouping principals(users/groups) with similar attributes into a class that can be used for defining access control policies. A given user's identity does not need to be known to a particular application for role-based access control to be used by that application. User identity mapping is useful for distributed systems that don't share a common identifier for a user. A common WSRP use case is one where a Producer provisions user accounts in some back end application for each end-user. These user accounts may not be based on the identity the user authenticates with at the Consumer. In this case, a mapping is needed between the Consumer's authenticated identity and the back end application's identity for the user. WS-Security had no notion of identity mapping, at least in the original spec draft. I haven't looked at the recent addendum. -----Original Message----- From: Carsten Leue [mailto:CLEUE@de.ibm.com] Sent: Wednesday, August 28, 2002 12:36 AM To: Monica Martin Cc: Monica Martin; wsia@lists.oasis-open.org; wsrp@lists.oasis-open.org Subject: Re: [wsia] [wsia-wsrp] 8/27/2002: Upcoming WS-Security OASIS TC Meeting Hi Monica. Great that you are attending the meeting, that will give us the oppotunity to fix some outstanding questions. My current questions/concerns are: - will our role concept become obsolete in the near future? Will there be WS standards that handle role transfer/mapping directly inside the SOAP stack? - is what we define a "role" really a role from a security standpoint or rather a delegated user identity? Maybe the correct approach would be to let WS security send a couple of user identities rather than inventing our own role concept. Is this possible in WS-Security? Would it be the correct approach - does WS-Security define user identity mapping? If not how is the transfer of user identity supposed to work? Will there be an upcoming standard? Is the user identiy programmatically accessible? When will that be incorporated in standard SOAP stacks (AXIS, .NET)? - the basic question is: should be define security directly in our protocol at all or will WS-security and forthcoming standards handle this problem. Best regards Carsten Leue ------- Dr. Carsten Leue Dept.8288, IBM Laboratory Böblingen , Germany Tel.: +49-7031-16-4603, Fax: +49-7031-16-4401 |---------+----------------------------> | | Monica Martin | | | <mmartin@certivo.| | | net> | | | | | | 08/27/2002 07:38 | | | PM | |---------+----------------------------> >--------------------------------------------------------------------------- ----------------------------------------------------| | | | To: wsrp@lists.oasis-open.org, wsia@lists.oasis-open.org | | cc: Monica Martin <mmartin@certivo.net> | | Subject: [wsia] [wsia-wsrp] 8/27/2002: Upcoming WS-Security OASIS TC Meeting | | | | | >--------------------------------------------------------------------------- ----------------------------------------------------| I hope to be attending the upcoming WS-Security opening TC next week from 4-5 September 2002 in Redwood City. As this related standards development complements or affects our work, I am asking if you have general questions or inputs? I could be more focused in providing any feedback for the benefit of the WSRP-WSIA efforts. Thank you. Monica J. Martin Drake Certivo, Inc. 208.585.5946 -----Original Message----- From: Lothar Merk Sent: Fri 8/23/2002 12:51 AM To: wsrp@lists.oasis-open.org; wsia@lists.oasis-open.org Cc: Subject: [wsia] WSIA/WSRP F2F Meeting - Registration - Final Reminder Hello, if you have not registered up to now and you intend to come to the WSIA/WSRP F2F Meeting in Germany (September 9th-12th), please reply to this e-mail today (August 23rd). Please indicate if you will attend all 4 days or only parts of the meeting. Attached you can find a list of persons that registered so far. Please send me a mail if you registered and cannot find you name in the list. You can find the agenda and information about the meeting location/hotels at http://oasis-open.org/committees/wsrp/meetings/index.shtml. Regards, Lothar (See attached file: 3rdF2FReg.htm) ----- Forwarded by Lothar Merk/Germany/IBM on 23.08.2002 08:30 ----- Lothar Merk To: wsrp@lists.oasis-open.org, wsia@lists.oasis-open.org 19.08.2002 08:32 cc: From: Lothar Merk/Germany/IBM@IBMDE Subject: F2F Meeting - Registration - 2nd Reminder Hi All, Please reply to this e-mail until end of this week (August 23rd) to register for the WSIA/WSRP F2F Meeting in Germany (September 9th-12th). Please indicate if you will attend all 4 days or only parts of the meeting. You can find the preliminary agenda and information about the meeting location/hotels at http://oasis-open.org/committees/wsrp/meetings/index.shtml. Regards, Lothar ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl> ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC