RE: Blended Authentication (AKA "Granular Access Control")

Cart

XML Editor - Download a Free Trial >

See What's New >

Buy Now >

[Home] [By Thread] [By Date] [Recent Entries]

To: xml-dev@l...
Subject: RE: Blended Authentication (AKA "Granular Access Control")
From: "Cavnar-Johnson, John" <JCavnar-Johnson@s...>
Date: Wed, 7 May 2003 10:18:35 -0500
In-reply-to: <3EB920CC.11978223@b...>
Thread-index: AcMUqldo/65tQ6h1RE6EnfmvU+VtXwAASHjg

 

> 
> -----Original Message-----
> From: Chiusano Joseph [mailto:chiusano_joseph@b...] 
> Sent: Wednesday, May 07, 2003 10:06 AM
> To: Rich Salz
> Cc: xml-dev@l...
> 
> <Quote>
> User1 authenticates to A and "delegates" its rights so that A 
> can present its rights, and the delegated User1 rights to B. 
> </Quote>
> 
> That works well from the perspective of A (the sender side) 
> because it asserts that A has the proper claims to access B 
> (this appears to me to be more of a "push" method). But what 
> if B does not consider A to be a valid user? How can B enforce this?
> 
> Also, what about a more granular level, such as at a WSDL 
> Operation or Message level?

Take a look at the WS-Security specs from IBM, Microsoft, et.al.  I believe
they cover your scenario fairly well.  In particular, look at the WS-Trust
spec:
http://msdn.microsoft.com/webservices/default.aspx?pull=/library/en-us/dnglo
bspec/html/ws-trust.asp

References:
- Re: Blended Authentication (AKA "Granular Access Control")
  - From: "Chiusano Joseph" <chiusano_joseph@b...>

Prev by Date: Re: Blended Authentication (AKA "Granular Access Control")
Next by Date: Re: Blended Authentication (AKA "Granular Access Control")
Previous by thread: Re: Blended Authentication (AKA "Granular Access Control")
Next by thread: Re: Blended Authentication (AKA "Granular Access Control")
Index(es):
- Date
- Thread

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >