WebApp Sec mailing list archives
Re: Federated Security Applications and Implications.
From: "Chandrashekhar B" <Bchandrashekar () novell com>
Date: Mon, 14 Apr 2003 06:59:14 -0600
Hi, You can take a look at SAML which is a standard XML syntax for sharing authentication and authorization assertions embedded in SOAP messages. Here are some locators, http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security, http://xml.coverpages.org/saml.html 2. An XMl encoded SPKI which is a Certificate structure and operating procedure for trust management across domains, http://xml.coverpages.org/xml-spki.html Thanks, Chandru.
"Shaji Sethu" <ssethu () micros com> 04/09/03 03:41AM >>>
All, Recently I have been investigating requirements to build a pseudo P2P (uses a combination of P2P and Client Server) distributed application based on XML web services. The main requirement for the application has to be such that secure domains can join or leave the application network without much effort. The platform has not been finalised yet but my preference is .NET. Considering the requirements a Federated Architecture for security comes to mind, the only application that comes close to it is the Liberty One from Sun. I had talked to the local Microsoft guys in Australia and they suggested Trust Bridge which was due for shipment with Windows 2003 and their specifications were a bit vague and pointed me to a msdn web site with 5 lines explaining it. The question is: 1. Is there any solution out there which implements federated security model where security domains can easily join and leave without complex system administration. 2. Are there any white papers or research papers published on this (BTW I have gone through the ACM archives without much luck)? 3. Has anyone looked at the security implications of this and WS-Security? 4. Is this viable or does this technology has the pie in the sky status? Thanks for any help on this. Best Regards. Shaji Sethu System Developer myFidelio.net Web: www.micros.com
Current thread:
- Federated Security Applications and Implications. Shaji Sethu (Apr 12)
- <Possible follow-ups>
- Re: Federated Security Applications and Implications. Chandrashekhar B (Apr 14)
- Re: Federated Security Applications and Implications. Chandrashekhar B (Apr 14)