[
Lists Home |
Date Index |
Thread Index
]
I think the implication is that the claims are something like:
1. I'm Joe Bloggs.
2. I got through the security checks at System A
Jeff
----- Original Message -----
From: "Chiusano Joseph" <chiusano_joseph@bah.com>
To: "Cavnar-Johnson John" <JCavnar-Johnson@sark.com>
Cc: <xml-dev@lists.xml.org>
Sent: Wednesday, May 07, 2003 12:51 PM
Subject: Re: [xml-dev] Blended Authentication (AKA "Granular Access
Control")
> <Quote1>
> According to the WS-Trust spec, "a web service can require that an
> incoming message prove a set of claims." These claims are not limited
> merely to identity, but can include the user's principal (or security
> context)
> </Quote1>
>
> Can you take this one step further and explain how this would apply to
> the presented scenario? In other words, how would the identity of SYSTEM
> A be brought into the picture (allowing SYSTEM A to really be considered
> a "user")? And how does it relate to the possibility of more granular
> security at (for example) the WSDL Operation level?
>
|