There are a couple of XML security standards in development at OASIS: - SAML (Security Assertions Markup Language) defines a security data exchange format. You can use SAML to pass authentication, authorization, and attribute information. See http://www.oasis-open.org/committees/security/. - XACML (eXtensible Access Control Markup Language) is an XML application for describing access control policies. See http://www.oasis-open.org/committees/xacml/
Anne > -----Original Message----- > From: Brenda Coulson [mailto:[EMAIL PROTECTED]] > Sent: Friday, April 05, 2002 12:59 PM > To: [EMAIL PROTECTED] > Subject: RE: standard security specification for SOAP ? > > > Not sure about authentication or authorization, but there is a W3C note > about signing SOAP messages. Check out the following link. Axis provides > utilities for signing documents as does Systinet WASP and IBM provides a > toolkit which supports SOAP Dig Sigs > > http://www.w3.org/TR/SOAP-dsig > > brenda > > -----Original Message----- > From: John Mani [mailto:[EMAIL PROTECTED]] > Sent: Friday, April 05, 2002 12:52 PM > To: [EMAIL PROTECTED] > Subject: standard security specification for SOAP ? > > > Hi > > Are there any 'standard/interoperable' specifications for security > (authentication, > authorization, encryption .... ) for SOAP out there ? Any standards in the > work ? > If so, can someone point me to the appropriate URLs ? > > As far as I know, the most interoperable mechanism currently is > to depend on > the underlying transport - typically HTTP (Basic Auth or SSL) > > -john >