OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [ebxml-dev] Authentication/Authorization with MSH?

Question has come up as to how best to implement/integrate 
authentication/authorization functions with ebXML MSH.

The spec makes reference that authentication would be done by the communications 
protocol used. (TLS or IPSEC for example).  However, what if you want to 
authenticate using some other technique that is independent of the comm protocol?  
Any suggestions as to how this should be implemented?  Would you authenticate 
prior to MSH receiving the message (ie. transparent to MSH)?  If the authentication 
was called from the MSH instead, then would you return a technical failure or a 
business failure condition if the authentication failed (the approach chosen would 
determine how acks/auth failures were handled....at the message or the biz 
transaction level).

Regarding authorization.....there is mention that exchange of credentials could be 
accomplished using SAML (which implies that you could integrate with the Liberty 
initiative).  But there are no details on how best to do this.

Can anyone point me to some more detailed info, or offer some suggestions as to 
how best to incorporate authentication/authorization into MSH?


Chaeron Corporation

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Search: Match: Sort by:
Words: | Help

Powered by eList eXpress LLC