Posted to dev@cxf.apache.org by Cabrera Juan Manuel <Ju...@atos.net> on 2012/11/27 10:50:32 UTC

Pseudonym service and Fediz-3 (Federation)

Hello everyone.

I have made a starter implementation of the Pseudonym service, see patch enclosed.
This is far from elegant, for one main reason: I was on a time-boxed tunnel when I did this.
So I have started "forking" XSDs from the specifications to come up with a basic implementation for that service.
I am more comfortable as of now with an XML-first approach, but I am fully aware that this is not the way to go for integration reasons.
So I did not have time to dig into how to use cxf-ws-addr et al., but I am sure that this would be the way to go.
I will gratefully welcome any help/hints on this.

One other point that matters a lot to me currently is to implement the Remote IDP use case.
I am confident that it can be done quite easily, since I have everything at hand to generate the needed tokens and (with the Pseudonym service) I am able to translate IDs accurately from one realm to the other.

My main question is how to implement the 'What are you from' (or Realm picker) page.
I was thinking of replacing the 401 mechanism with a full HTTP form and hosting the realm picker there (and hence coming up with an XML file referencing all the known realms).

Any hints / thoughts about that?


Kind regards,

Juan Manuel



________________________________

This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted.

Re: RE: Pseudonym service and Fediz-3 (Federation)

Posted by Ralf Josephy <Ra...@gmx.de>.

Hi,

this is not a technical issue, it's only an Austrian Issue (Prof. Dr. Wimmer Koblenz, Prof. Dr Ingeborg Zerbes), it's more than a philosophical offer.

How to deal with singletons.

My name is Ralf Josephy - because of the German History (Shoah) I am the only Ralf Josephy in the Internet (World). I have to have a singleton approach against Microsoft (Spähnangriff, voice-to-skull with Aaronia and Dr. Munzert; Motorola 2003 and Delphi/General Motors) which replies that I am right and to the right approach. If I am right I will offer responsibility.

That's an offer for all CXF programmers to ask for responsibility.

Regards,

Ralf Josephy
-------- Original Message --------
> Date: Wed, 28 Nov 2012 15:00:06 +0100
> From: Cabrera Juan Manuel <Ju...@atos.net>
> To: "dev@cxf.apache.org" <de...@cxf.apache.org>, "coheigea@apache.org" <co...@apache.org>
> Subject: RE: Pseudonym service and Fediz-3 (Federation)

> Hi.
> 
> This was to reuse the interfaces of the webservice on the client part with
> less effort.
> But I can definitely merge this on the sts if you think it's better.
> 
> Juan Manuel
> 
> 
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> Sent: Wednesday, 28 November 2012 13:05
> To: dev@cxf.apache.org
> Subject: Re: Pseudonym service and Fediz-3 (Federation)
> 
> Hi Juan Manuel,
> 
> Why is it necessary to create a "sts-pseudo" service? Could you not submit
> a patch for any new functionality that is required to the sts directly?
> 
> Colm.
> 
> --
> Colm O hEigeartaigh
> 
> Talend Community Coder
> http://coders.talend.com
> 
> 
> Ce message et les pièces jointes sont confidentiels et réservés à
> l'usage exclusif de ses destinataires. Il peut également être protégé par
> le secret professionnel. Si vous recevez ce message par erreur, merci d'en
> avertir immédiatement l'expéditeur et de le détruire. L'intégrité du
> message ne pouvant être assurée sur Internet, la responsabilité d'Atos ne
> pourra être recherchée quant au contenu de ce message. Bien que les
> meilleurs efforts soient faits pour maintenir cette transmission exempte de tout
> virus, l'expéditeur ne donne aucune garantie à cet égard et sa
> responsabilité ne saurait être recherchée pour tout dommage résultant d'un
> virus transmis.
> 
> This e-mail and the documents attached are confidential and intended
> solely for the addressee; it may also be privileged. If you receive this e-mail
> in error, please notify the sender immediately and destroy it. As its
> integrity cannot be secured on the Internet, the Atos liability cannot be
> triggered for the message content. Although the sender endeavours to maintain a
> computer virus-free network, the sender does not warrant that this
> transmission is virus-free and will not be liable for any damages resulting from any
> virus transmitted.

RE: Pseudonym service and Fediz-3 (Federation)

Posted by Cabrera Juan Manuel <Ju...@atos.net>.
Hi.

This was to reuse the interfaces of the webservice on the client part with less effort.
But I can definitely merge this on the sts if you think it's better.

Juan Manuel


-----Original Message-----
From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
Sent: Wednesday, 28 November 2012 13:05
To: dev@cxf.apache.org
Subject: Re: Pseudonym service and Fediz-3 (Federation)

Hi Juan Manuel,

Why is it necessary to create a "sts-pseudo" service? Could you not submit a patch for any new functionality that is required to the sts directly?

Colm.

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com



Re: Pseudonym service and Fediz-3 (Federation)

Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi Juan Manuel,

Why is it necessary to create a "sts-pseudo" service? Could you not submit
a patch for any new functionality that is required to the sts directly?

Colm.

On Tue, Nov 27, 2012 at 9:50 AM, Cabrera Juan Manuel <
Juan-Manuel.Cabrera@atos.net> wrote:

> Hello everyone.
>
> I have made a starter implementation of the Pseudonym service, see patch
> enclosed.
>
> This is far from elegant, for one main reason: I was on a time-boxed
> tunnel when I did this.
>
> So I have started “forking” XSDs from the specifications to come up with a
> basic implementation for that service.
>
> I am more comfortable as of now with an XML-first approach, but I am fully
> aware that this is not the way to go for integration reasons.
>
> So I did not have time to dig into how to use cxf-ws-addr et al., but I am
> sure that this would be the way to go.
>
> I will gratefully welcome any help/hints on this.
>
> One other point that matters a lot to me currently is to implement the
> Remote IDP use case.
>
> I am confident that it can be done quite easily, since I have everything
> at hand to generate the needed tokens and (with the Pseudonym service) I am
> able to translate IDs accurately from one realm to the other.
>
> My main question is how to implement the ‘What are you from’ (or
> Realm picker) page.
>
> I was thinking of replacing the 401 mechanism with a full HTTP form and
> hosting the realm picker there (and hence coming up with an XML file
> referencing all the known realms).
>
> Any hints / thoughts about that?
>
> Kind regards,
>
> Juan Manuel
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com