You are viewing a plain text version of this content. The canonical link for it is here.
Posted to soap-user@ws.apache.org by John Mani <jo...@sixthdimension.com> on 2002/04/05 19:52:03 UTC
standard security specification for SOAP ?
Hi
Are there any 'standard/interoperable' specifications for security
(authentication,
authorization, encryption .... ) for SOAP out there ? Any standards in the
work ?
If so, can someone point me to the appropriate URLs ?
As far as I know, the most interoperable mechanism currently is to depend on
the underlying transport - typically HTTP (Basic Auth or SSL)
-john
RE: standard security specification for SOAP ?
Posted by Anne Thomas Manes <an...@manes.net>.
There are a couple of XML security standards in development at OASIS:
- SAML (Security Assertions Markup Language) defines a security data
exchange format. You can use SAML to pass authentication, authorization, and
attribute information. See http://www.oasis-open.org/committees/security/.
- XACML (eXtensible Access Control Markup Language) is an XML application
for describing access control policies. See
http://www.oasis-open.org/committees/xacml/
Anne
> -----Original Message-----
> From: Brenda Coulson [mailto:bcoulson@cysive.com]
> Sent: Friday, April 05, 2002 12:59 PM
> To: soap-user@xml.apache.org
> Subject: RE: standard security specification for SOAP ?
>
>
> Not sure about authentication or authorization, but there is a W3C note
> about signing SOAP messages. Check out the following link. Axis provides
> utilities for signing documents as does Systinet WASP and IBM provides a
> toolkit which supports SOAP Dig Sigs
>
> http://www.w3.org/TR/SOAP-dsig
>
> brenda
>
> -----Original Message-----
> From: John Mani [mailto:john@sixthdimension.com]
> Sent: Friday, April 05, 2002 12:52 PM
> To: soap-user@xml.apache.org
> Subject: standard security specification for SOAP ?
>
>
> Hi
>
> Are there any 'standard/interoperable' specifications for security
> (authentication,
> authorization, encryption .... ) for SOAP out there ? Any standards in the
> work ?
> If so, can someone point me to the appropriate URLs ?
>
> As far as I know, the most interoperable mechanism currently is
> to depend on
> the underlying transport - typically HTTP (Basic Auth or SSL)
>
> -john
>
RE: standard security specification for SOAP ?
Posted by Anne Thomas Manes <an...@manes.net>.
There are a couple of XML security standards in development at OASIS:
- SAML (Security Assertions Markup Language) defines a security data
exchange format. You can use SAML to pass authentication, authorization, and
attribute information. See http://www.oasis-open.org/committees/security/.
- XACML (eXtensible Access Control Markup Language) is an XML application
for describing access control policies. See
http://www.oasis-open.org/committees/xacml/
Anne
> -----Original Message-----
> From: Brenda Coulson [mailto:bcoulson@cysive.com]
> Sent: Friday, April 05, 2002 12:59 PM
> To: soap-user@xml.apache.org
> Subject: RE: standard security specification for SOAP ?
>
>
> Not sure about authentication or authorization, but there is a W3C note
> about signing SOAP messages. Check out the following link. Axis provides
> utilities for signing documents as does Systinet WASP and IBM provides a
> toolkit which supports SOAP Dig Sigs
>
> http://www.w3.org/TR/SOAP-dsig
>
> brenda
>
> -----Original Message-----
> From: John Mani [mailto:john@sixthdimension.com]
> Sent: Friday, April 05, 2002 12:52 PM
> To: soap-user@xml.apache.org
> Subject: standard security specification for SOAP ?
>
>
> Hi
>
> Are there any 'standard/interoperable' specifications for security
> (authentication,
> authorization, encryption .... ) for SOAP out there ? Any standards in the
> work ?
> If so, can someone point me to the appropriate URLs ?
>
> As far as I know, the most interoperable mechanism currently is
> to depend on
> the underlying transport - typically HTTP (Basic Auth or SSL)
>
> -john
>
RE: standard security specification for SOAP ?
Posted by Brenda Coulson <bc...@cysive.com>.
Not sure about authentication or authorization, but there is a W3C note
about signing SOAP messages. Check out the following link. Axis provides
utilities for signing documents as does Systinet WASP and IBM provides a
toolkit which supports SOAP Dig Sigs
http://www.w3.org/TR/SOAP-dsig
brenda
-----Original Message-----
From: John Mani [mailto:john@sixthdimension.com]
Sent: Friday, April 05, 2002 12:52 PM
To: soap-user@xml.apache.org
Subject: standard security specification for SOAP ?
Hi
Are there any 'standard/interoperable' specifications for security
(authentication,
authorization, encryption .... ) for SOAP out there ? Any standards in the
work ?
If so, can someone point me to the appropriate URLs ?
As far as I know, the most interoperable mechanism currently is to depend on
the underlying transport - typically HTTP (Basic Auth or SSL)
-john
RE: standard security specification for SOAP ?
Posted by Brenda Coulson <bc...@cysive.com>.
Not sure about authentication or authorization, but there is a W3C note
about signing SOAP messages. Check out the following link. Axis provides
utilities for signing documents as does Systinet WASP and IBM provides a
toolkit which supports SOAP Dig Sigs
http://www.w3.org/TR/SOAP-dsig
brenda
-----Original Message-----
From: John Mani [mailto:john@sixthdimension.com]
Sent: Friday, April 05, 2002 12:52 PM
To: soap-user@xml.apache.org
Subject: standard security specification for SOAP ?
Hi
Are there any 'standard/interoperable' specifications for security
(authentication,
authorization, encryption .... ) for SOAP out there ? Any standards in the
work ?
If so, can someone point me to the appropriate URLs ?
As far as I know, the most interoperable mechanism currently is to depend on
the underlying transport - typically HTTP (Basic Auth or SSL)
-john