MHonArc v2.5.2 -->
wsia message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: Re: [wsia] [wsia-wsrp] 8/27/2002: Upcoming WS-Security OASIS TC Meeting
Thanks Monica,
I would add a couple of concerns to what Carsten has here.
1. How can the depth information for preferences and confidential
information be added after authentication, verification and
certification? Will there be a defined format for that or can
HumanMarkup TC produce/recommend such.
2. Where in the process will such information beyond the single
sign-on occur. To WSIA-WSRP, for WSIA-WSRP purposes, also, what
format will be recommended and where in the process should that
information be requested/allowed into the protocol/specification?
This overlaps all four TCs.
3. Where will the information reside--with the concern being that
HumanMarkup TC is set to recommend that control and tracking and
destruction of said information after approved use remain with the
user and/or a non-govermental, non-proprietary, unbiased entity which
will not be empowered to sell or offer such information to third
parties.
Thanks, again,
Rex
At 9:35 AM +0200 8/28/02, Carsten Leue wrote:
>Hi Monica.
>
>Great that you are attending the meeting, that will give us the oppotunity
>to fix some outstanding questions. My current questions/concerns are:
>
>- will our role concept become obsolete in the near future? Will there be
>WS standards that handle role transfer/mapping directly inside the SOAP
>stack?
>- is what we define a "role" really a role from a security standpoint or
>rather a delegated user identity? Maybe the correct approach would be to
>let WS security send a couple of user identities rather than inventing our
>own role concept. Is this possible in WS-Security? Would it be the correct
>approach
>- does WS-Security define user identity mapping? If not how is the transfer
>of user identity supposed to work? Will there be an upcoming standard? Is
>the user identiy programmatically accessible? When will that be
>incorporated in standard SOAP stacks (AXIS, .NET)?
>
>- the basic question is: should be define security directly in our protocol
>at all or will WS-security and forthcoming standards handle this problem.
>
>Best regards
>Carsten Leue
>
>-------
>Dr. Carsten Leue
>Dept.8288, IBM Laboratory B�blingen , Germany
>Tel.: +49-7031-16-4603, Fax: +49-7031-16-4401
>
>
>
>|---------+---------------------------->
>| | Monica Martin |
>| | <mmartin@certivo.|
>| | net> |
>| | |
>| | 08/27/2002 07:38 |
>| | PM |
>|---------+---------------------------->
>
>>-------------------------------------------------------------------------------------------------------------------------------|
> |
>|
> | To: wsrp@lists.oasis-open.org,
>wsia@lists.oasis-open.org
>|
> | cc: Monica Martin <mmartin@certivo.net>
>|
> | Subject: [wsia] [wsia-wsrp] 8/27/2002: Upcoming
>WS-Security OASIS TC Meeting
>|
> |
>|
> |
>|
>
>>-------------------------------------------------------------------------------------------------------------------------------|
>
>
>
>I hope to be attending the upcoming WS-Security opening TC next week
>from 4-5 September 2002 in Redwood City. As this related standards
>development complements or affects our work, I am asking if you have
>general questions or inputs? I could be more focused in providing any
>feedback for the benefit of the WSRP-WSIA efforts.
>
>Thank you.
>Monica J. Martin
>Drake Certivo, Inc.
>208.585.5946
>
>