Cart
[Home] [By Thread] [By Date] [Recent Entries]
> > -----Original Message----- > From: Chiusano Joseph [mailto:chiusano_joseph@b...] > Sent: Wednesday, May 07, 2003 2:52 PM > To: Cavnar-Johnson, John > Cc: xml-dev@l... > > <Quote1> > According to the WS-Trust spec, "a web service can require > that an incoming message prove a set of claims." These claims > are not limited merely to identity, but can include the > user's principal (or security > context) > </Quote1> > > Can you take this one step further and explain how this would > apply to the presented scenario? In other words, how would > the identity of SYSTEM A be brought into the picture > (allowing SYSTEM A to really be considered a "user")? And how > does it relate to the possibility of more granular security > at (for example) the WSDL Operation level? > Do you want SYSTEM A to authenticate the user, or do you want the request to actually come from SYSTEM A? If the former, then this is exactly the brokered trust scenario. If the latter, then you add a requirement to your policy that states the request must include a certificate from SYSTEM A as well as credentials for the user.
|
