[ogsa-wg] Security Web Service Specifications

[Tom Scavo]

Hi Nate,

Could you elaborate a little on where you think Liberty ID-WSF might
integrate into the protocol stack?  Or maybe another way to put this
is: What components of Liberty ID-WSF (which is huge!) do you think
are relevant here?

If Shibboleth chooses to align with Liberty, I think that's fine, but
it's not at all clear to me how this impacts the Grid, and hence my
questions above.  Speaking as a Globus developer, Liberty ID-WSF in
Globus Toolkit (if that's what you're proposing) will be a hard sell
since 1) Globus has already made significant investments in
WS-Security and WS-SecureConversation, and 2) ID-WSF may be
incompatible with WSRF (in their use of WS-Addressing, in particular).

If you can shed any light on this issue, that would be great.

Thanks,

Tom Scavo
NCSA

On 2/26/07, Nate Klingenstein <ndk at internet2.edu> wrote:
> Everyone,
>
> I mentioned on the call today that the Liberty Alliance effort has
> defined ID-WSF, a web services framework for identity management
> functions that may be useful to OGSA.  It allows for fairly powerful
> identity management and integrates well with SAML and others.
>
> http://www.projectliberty.org/resource_center/specifications/
> liberty_alliance_id_wsf_2_0_specifications
>
> I think it's also worth taking some time to analyze WS-Trust, a
> specification that intends to generalize security token exchange.
>
> http://www-128.ibm.com/developerworks/library/specification/ws-trust/
>
> I'll just set these out for informational purposes right now without
> making any particular recommendations.  These could both feed into
> profiling efforts surrounding WS-Security and WS-SecureConversation.
> As you read this, I'd ask you to please keep a mental distinction
> between protocol and token format.
>
> Thanks for your time,
> Nate.
>
> --
>   ogsa-wg mailing list
>   ogsa-wg at ogf.org
>   http://www.ogf.org/mailman/listinfo/ogsa-wg
>