ws-fx-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Smorul <toas...@umiacs.umd.edu>
Subject Re: authentication, SAML
Date Tue, 26 Jul 2005 01:00:51 GMT

Has there been any progress on SecureConversation in wss4j? The last 
postings regarding it seemed to indicate some refactoring was going on and 
the current version was not stable.

-Mike

On Mon, 25 Jul 2005, Anne Thomas Manes wrote:

> As defined by WS-Trust, a security token service (STS) is a web
> service that issues, renews, and validates security tokens. The client
> presents a set of claims, and if the claims provide sufficient proof,
> the STS returns the requested token. The client can then use the token
> to supply authentication information on subsequent SOAP requests. Each
> SOAP request must be re-authenticated, though, unless the client and
> server establish and maintain some type of extended security session.
>
> WS-SecureConversation defines a binding of WS-Trust for creating this
> type of extended security session. WS-SecureConversation defines a new
> token type called a security context token. When using
> WS-SecureConversation, the client and server need to authenticate each
> other only once at the start of the conversation.
>
> Anne
>
>
> On 7/22/05, Milton Fidel vega <MVEGAV@dian.gov.co> wrote:
>>
>> Is correct, that the same system are the identiy provider and the
>> service provider supplier? (if there is not a identity provider )
>>
>>
>> this is correct?
>>
>> It's a Web Service exclusively for authentication, this emit the signed
>> assertion via web service response after the client has autenthicated
>> for te web service logic, so that in following calls to the Web services
>> business, the messages soap of the client include the assertion in the
>> soap headers and it are not authenticated again.
>>
>>
>>
>> Thanks
>>
>>
>>
>

Mime
View raw message