• To: "Chiusano Joseph" <chiusano_joseph@b...>,"Cavnar-Johnson John" <JCavnar-Johnson@s...>
• Subject: Re: Blended Authentication (AKA "Granular Access Control")
• From: "Jeff Greif" <jgreif@a...>
• Date: Wed, 7 May 2003 14:55:39 -0700
• Cc: <xml-dev@l...>
• References: <200305071901.h47J1R0l028357@e...> <3EB963D0.D4D44A05@b...>

I think the implication is that the claims are something like:
  1.  I'm Joe Bloggs.
  2.  I got through the security checks at System A

Jeff
----- Original Message ----- 
From: "Chiusano Joseph" <chiusano_joseph@b...>
To: "Cavnar-Johnson John" <JCavnar-Johnson@s...>
Cc: <xml-dev@l...>
Sent: Wednesday, May 07, 2003 12:51 PM
Subject: Re:  Blended Authentication (AKA "Granular Access
Control")


> <Quote1>
> According to the WS-Trust spec, "a web service can require that an
> incoming message prove a set of claims." These claims are not limited
> merely to identity, but can include the user's principal (or security
> context)
> </Quote1>
>
> Can you take this one step further and explain how this would apply to
> the presented scenario? In other words, how would the identity of SYSTEM
> A be brought into the picture (allowing SYSTEM A to really be considered
> a "user")? And how does it relate to the possibility of more granular
> security at (for example) the WSDL Operation level?
>

• Follow-Ups:
  • Re: Blended Authentication (AKA "Granular Access Control")
    • From: "Chiusano Joseph" <chiusano_joseph@b...>

• References:
  • Re: Blended Authentication (AKA "Granular Access Control")
    • From: "Chiusano Joseph" <chiusano_joseph@b...>

• Prev by Date: RE: DIME - Status?
• Next by Date: Re: DIME - Status?
• Previous by thread: Re: Blended Authentication (AKA "Granular Access Control")
• Next by thread: Re: Blended Authentication (AKA "Granular Access Control")
• Index(es):
  • Date
  • Thread