Thanks Jeff. I'm going to investigate this further from a SAML
perspective, particularly in regard to how claim #2 can specifically be
represented.
Kind Regards,
Joe Chiusano
Booz | Allen | Hamilton
Jeff Greif wrote:
>
> I think the implication is that the claims are something like:
> 1. I'm Joe Bloggs.
> 2. I got through the security checks at System A
>
> Jeff
> ----- Original Message -----
> From: "Chiusano Joseph" <chiusano_joseph@bah.com>
> To: "Cavnar-Johnson John" <JCavnar-Johnson@sark.com>
> Cc: <xml-dev@lists.xml.org>
> Sent: Wednesday, May 07, 2003 12:51 PM
> Subject: Re: [xml-dev] Blended Authentication (AKA "Granular Access
> Control")
>
> > <Quote1>
> > According to the WS-Trust spec, "a web service can require that an
> > incoming message prove a set of claims." These claims are not limited
> > merely to identity, but can include the user's principal (or security
> > context)
> > </Quote1>
> >
> > Can you take this one step further and explain how this would apply to
> > the presented scenario? In other words, how would the identity of SYSTEM
> > A be brought into the picture (allowing SYSTEM A to really be considered
> > a "user")? And how does it relate to the possibility of more granular
> > security at (for example) the WSDL Operation level?
> >