OASIS Mailing List Archives


   RE: [xml-dev] Blended Authentication (AKA "Granular Access Control")


 

> 
> -----Original Message-----
> From: Chiusano Joseph [mailto:chiusano_joseph@bah.com] 
> Sent: Wednesday, May 07, 2003 10:06 AM
> To: Rich Salz
> Cc: xml-dev@lists.xml.org
> 
> <Quote>
> User1 authenticates to A and "delegates" its rights so that A 
> can present its rights, and the delegated User1 rights to B. 
> </Quote>
> 
> That works well from the perspective of A (the sender side) 
> because it asserts that A has the proper claims to access B 
> (this appears to me to be more of a "push" method). But what 
> if B does not consider A to be a valid user? How can B enforce this?
> 
> Also, what about a more granular level, such as at a WSDL 
> Operation or Message level?

Take a look at the WS-Security specs from IBM, Microsoft, et al.  I believe
they cover your scenario fairly well.  In particular, look at the WS-Trust
spec:
http://msdn.microsoft.com/webservices/default.aspx?pull=/library/en-us/dnglobspec/html/ws-trust.asp






 


Copyright 2001 XML.org. This site is hosted by OASIS