[ogsa-wg] Security Web Service Specifications
Tom Scavo
trscavo at gmail.com
Wed Feb 28 12:49:57 CST 2007
Hi Nate,
Could you elaborate a little on where you think Liberty ID-WSF might
integrate into the protocol stack? Or maybe another way to put this
is: What components of Liberty ID-WSF (which is huge!) do you think
are relevant here?
If Shibboleth chooses to align with Liberty, I think that's fine, but
it's not at all clear to me how this impacts the Grid, and hence my
questions above. Speaking as a Globus developer, Liberty ID-WSF in
Globus Toolkit (if that's what you're proposing) will be a hard sell
since 1) Globus has already made significant investments in
WS-Security and WS-SecureConversation, and 2) ID-WSF may be
incompatible with WSRF (in their use of WS-Addressing, in particular).
If you can shed any light on this issue, that would be great.
Thanks,
Tom Scavo
NCSA
On 2/26/07, Nate Klingenstein <ndk at internet2.edu> wrote:
> Everyone,
>
> I mentioned on the call today that the Liberty Alliance effort has
> defined ID-WSF, a web services framework for identity management
> functions that may be useful to OGSA. It allows for fairly powerful
> identity management and integrates well with SAML and others.
>
> http://www.projectliberty.org/resource_center/specifications/
> liberty_alliance_id_wsf_2_0_specifications
>
> I think it's also worth taking some time to analyze WS-Trust, a
> specification that intends to generalize security token exchange.
>
> http://www-128.ibm.com/developerworks/library/specification/ws-trust/
>
> I'll just set these out for informational purposes right now without
> making any particular recommendations. These could both feed into
> profiling efforts surrounding WS-Security and WS-SecureConversation.
> As you read this, I'd ask you to please keep a mental distinction
> between protocol and token format.
>
> Thanks for your time,
> Nate.
>
> --
> ogsa-wg mailing list
> ogsa-wg at ogf.org
> http://www.ogf.org/mailman/listinfo/ogsa-wg
>
More information about the ogsa-wg
mailing list