
ebxml-dev message



Subject: Re: [ebxml-dev] Authentication/Authorization with MSH?


Andrzej,

Do you really want to do authentication/authorization inside the MSH (as defined by the MSG spec)? If you really mean that you want to do it in the middleware ("BSI"), then I suggest that you look at what is defined in the CPPA specification. The CPPA team has SAML support on its list for post version 2. If I remember correctly, we also have XACML on our futures list.

Regards,
Marty

*************************************************************************************
Martin W. Sachs
IBM T. J. Watson Research Center
P. O. B. 704
Yorktown Hts, NY 10598
914-784-7287; IBM tie line 863-7287
Notes address: Martin W Sachs/Watson/IBM
Internet address: mwsachs @ us.ibm.com
*************************************************************************************
Andrzej Jan Taramina <andrzej@chaeron.com>
07/17/2002 03:49 PM
Please respond to andrzej



To: ebxml-dev@lists.ebxml.org
cc:
Subject: [ebxml-dev] Authentication/Authorization with MSH?


Question has come up as to how best to implement/integrate
authentication/authorization functions with ebXML MSH.

The spec makes reference that authentication would be done by the communications
protocol used. (TLS or IPSEC for example). However, what if you want to
authenticate using some other technique that is independent of the comm protocol?
Any suggestions as to how this should be implemented? Would you authenticate
prior to MSH receiving the message (i.e. transparent to MSH)? If the authentication
was called from the MSH instead, then would you return a technical failure or a
business failure condition if the authentication failed (the approach chosen would
determine how acks/auth failures were handled....at the message or the biz
transaction level).

Regarding authorization.....there is mention that exchange of credentials could be
accomplished using SAML (which implies that you could integrate with the Liberty
initiative). But there are no details on how best to do this.

Can anyone point me to some more detailed info, or offer some suggestions as to
how best to incorporate authentication/authorization into MSH?

Thanks!
...Andrzej

Chaeron Corporation
http://www.chaeron.com



----------------------------------------------------------------
The ebxml-dev list is sponsored by OASIS.
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.ebxml.org/ob/adm.pl>

