xml-dev - RE: [xml-dev] Blended Authentication (AKA "Granular Access Control")

RE: [xml-dev] Blended Authentication (AKA "Granular Access Control")

[ Lists Home | Date Index | Thread Index ]

To: xml-dev@lists.xml.org
Subject: RE: [xml-dev] Blended Authentication (AKA "Granular Access Control")
From: "Cavnar-Johnson, John" <JCavnar-Johnson@sark.com>
Date: Wed, 7 May 2003 10:18:35 -0500
In-reply-to: <3EB920CC.11978223@bah.com>
Thread-index: AcMUqldo/65tQ6h1RE6EnfmvU+VtXwAASHjg

 

> 
> -----Original Message-----
> From: Chiusano Joseph [mailto:chiusano_joseph@bah.com] 
> Sent: Wednesday, May 07, 2003 10:06 AM
> To: Rich Salz
> Cc: xml-dev@lists.xml.org
> 
> <Quote>
> User1 authenticates to A and "delegates" its rights so that A 
> can present its rights, and the delegated User1 rights to B. 
> </Quote>
> 
> That works well from the perspective of A (the sender side) 
> because it asserts that A has the proper claims to access B 
> (this appears to me to be more of a "push" method). But what 
> if B does not consider A to be a valid user? How can B enforce this?
> 
> Also, what about a more granular level, such as at a WSDL 
> Operation or Message level?

Take a look at the WS-Security specs from IBM, Microsoft, et.al.  I believe
they cover your scenario fairly well.  In particular, look at the WS-Trust
spec:
http://msdn.microsoft.com/webservices/default.aspx?pull=/library/en-us/dnglo
bspec/html/ws-trust.asp

References:
- Re: [xml-dev] Blended Authentication (AKA "Granular Access Control")
  - From: "Chiusano Joseph" <chiusano_joseph@bah.com>

Prev by Date: Re: [xml-dev] Blended Authentication (AKA "Granular Access Control")
Next by Date: Re: [xml-dev] Blended Authentication (AKA "Granular Access Control")
Previous by thread: Re: [xml-dev] Blended Authentication (AKA "Granular Access Control")
Next by thread: Re: [xml-dev] Blended Authentication (AKA "Granular Access Control")
Index(es):
- Date
- Thread