Title: RE: [RE: Authorization using WS security and SAML]
> is the WSTK for free or is it an
eval copy?
According to the WSTK pages (which you should check out
yourself, for license restrictions etc and for any recent changes), the answer
is "yes" it is a free eval, fo
Title: RE: [RE: Authorization using WS security and SAML]
i've just tried downloading the toolkit a few minutes ago. [one heavy
download it is! so the process is still on!]
since it's a dissertation i'm working on, i may have some issues with it
being a trial version. is th
IBM WSTK. It's based on Axis.
> -Original Message-
> From: Nisha Menon [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 20, 2003 8:28 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [RE: Authorization using WS security and SAML]
>
>
> Hi Mitch,
> Any lu
WS security and SAML]
Is anyone aware of a Java implementation of WS-Security? Furthermore, is
anyone aware of an implementation that can be used with Axis? I would
guess IBM has one since they have been a leader on the spec, but I don't
know. The only WS-Security API I'm aware of
Title: RE: Authorization using WS security and SAML
You
should define your security header in the WSDL , but you still
need a business agreement regarding what mechanisms to use.
-Original Message-From: Nisha Menon
[mailto:[EMAIL PROTECTED]Sent: Wednesday, March 19, 2003 12:03
Title: RE: Authorization using WS security and SAML
is security information ever a part of WSDL? i mean when one application
wants to interact with another through a webservice, is it a business agreement
to follow a particular authentication/authorization mechanism/ scheme or is it
defined
Title: RE: Authorization using WS security and SAML
Nisha,
As I mentioned below, when
using WS-Security, you must write a header processor (an Axis handler) that
takes the SAML token and maps it to a principal, and then use JAAS to check
authorization.
I'm assuming that your Web servi
Title: RE: Authorization using WS security and SAML
thanks so much for all that information anne.. helps me to a great extent
to have your input!
but what would the required components be if i were to start
implementing a webservices authentication module (considering ofcourse that i
Title: Re: [RE: Authorization using WS security and SAML]
TSIK1.7 claims to have WS-Security support. Look at samplesoap
example.
Not
sure if it would work with Axis. Also, TSIK is not opensource (doesn't include
source code).
/Pankaj.
-Original Message-From: Nisha
Title: Re: [RE: Authorization using WS security and SAML]
oh yes! would anyone know of an implementation that can be used with
axis?
would be dandy to get my hands on that code! :-)
-Original Message- From: Mitch Gitman
[mailto:[EMAIL PROTECTED] Sent: Mon 3/17/2003 10:11 PM
Ricky Ho asked:
> Can I use SAML for just Authorization Authority ?
Yes. You need to send your authorization authority certain information so
that it can make a decision: some authentication information and some
information that identifies the resource being accessed. Although I suspect
that most
ilto:[EMAIL PROTECTED]
> Sent: Monday, March 17, 2003 10:26 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Authorization using WS security and SAML
>
>
> Hi Anne,
>
> You touch on some interesting points. I agree that one can implement
> authentication or authorization
One of the primary reasons why you might want to use SAML is to support
single sign-on. But if you don't have a SAML authentication authority, then
you probably don't want to use SAML.
Can I use SAML for just Authorization Authority ?
But you don't need to use either SAML or WS-Security to implem
I believe that IBM WSTK supports WS-Security. see
http://www.alphaworks.ibm.com/tech/webservicestoolkit
> -Original Message-
> From: Mitch Gitman [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 17, 2003 11:41 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [RE: Authorization us
Is anyone aware of a Java implementation of WS-Security? Furthermore, is
anyone aware of an implementation that can be used with Axis? I would guess
IBM has one since they have been a leader on the spec, but I don't know. The
only WS-Security API I'm aware of comes with Microsoft's Web Services
Enh
al Message-
From: Anne Thomas Manes [mailto:[EMAIL PROTECTED]
Sent: Monday, March 17, 2003 9:00 AM
To: [EMAIL PROTECTED]
Subject: RE: Authorization using WS security and SAML
SAML provides a standard XML format to express and exchange security
assertions. Assertions come in three flavors: auth
authorization.
Anne
> -Original Message-
> From: Nisha Menon [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 17, 2003 5:25 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Authorization using WS security and SAML
>
>
>
> Yip... I get it now... :-)
>
> Ok so here's the de
rds,
Nisha
-Original Message-
From: Ricky Ho [mailto:[EMAIL PROTECTED]
Sent: Monday, March 17, 2003 11:40 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Authorization using WS security and SAML
I haven't closely track the OASIS activity. They are supposed to
standar
rds,
Nisha
-Original Message-
From: Ricky Ho [mailto:[EMAIL PROTECTED]
Sent: Monday, March 17, 2003 11:40 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Authorization using WS security and SAML
I haven't closely track the OASIS activity. They are supposed to
standar
ards,
Nisha
-Original Message-
From: Ricky Ho [mailto:[EMAIL PROTECTED]
Sent: Monday, March 17, 2003 11:40 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Authorization using WS security and SAML
I haven't closely track the OASIS activity. They are supposed to
standar
sha
-Original Message-
From: Ricky Ho [mailto:[EMAIL PROTECTED]
Sent: Sunday, March 16, 2003 10:08 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Authorization using WS security and SAML
SAML is about specifying the XML format of your authorization decision
outcome (authorization a
inal Message-
From: Ricky Ho [mailto:[EMAIL PROTECTED]
Sent: Sunday, March 16, 2003 10:08 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Authorization using WS security and SAML
SAML is about specifying the XML format of your authorization decision
outcome (authorization assertion). It
http://www.opensaml.org/
http://www.xmltrustcenter.org/developer/verisign/tsik/download.htm
http://groups.yahoo.com/group/tsik/
--- Nisha Menon <[EMAIL PROTECTED]> wrote:
-
Webservice design hi, i am trying to create an authorization module for web services
that i
SAML is about specifying the XML format of your authorization decision
outcome (authorization assertion). It also defines a protocol how to
request the assertion. SAML doesn't describe how the decision should be
made. XACML is attempting to standardize how such decision rules should be
speci
24 matches
Mail list logo