From: Anne Thomas Manes
To: fx-dev@ws.apache.org
Date: Mon, 25 Jul 2005 21:38:16 -0400
Subject: Re: authentication, SAML

IBM, Microsoft, and friends updated WS-Trust and WS-SC in Feb 2005.
They are reasonably stable at this point. The authors also announced
about two weeks ago that they will submit these specifications, as
well as an updated version of WS-SecurityPolicy to OASIS. A new
technical committee will convene in September to take responsibility
for these specs. See http://xml.coverpages.org/ni2005-07-14-a.html.

Anne

On 7/25/05, Mike Smorul wrote:
>
> Has there been any progress on SecureConversation in wss4j? The last
> postings regarding it seemed to indicate some refactoring was going on and
> the current version was not stable.
>
> -Mike
>
> On Mon, 25 Jul 2005, Anne Thomas Manes wrote:
>
> > As defined by WS-Trust, a security token service (STS) is a web
> > service that issues, renews, and validates security tokens. The client
> > presents a set of claims, and if the claims provide sufficient proof,
> > the STS returns the requested token. The client can then use the token
> > to supply authentication information on subsequent SOAP requests. Each
> > SOAP request must be re-authenticated, though, unless the client and
> > server establish and maintain some type of extended security session.
> >
> > WS-SecureConversation defines a binding of WS-Trust for creating this
> > type of extended security session. WS-SecureConversation defines a new
> > token type called a security context token. When using
> > WS-SecureConversation, the client and server need to authenticate each
> > other only once at the start of the conversation.
> >
> > Anne
> >
> >
> > On 7/22/05, Milton Fidel vega wrote:
> >>
> >> Is correct, that the same system are the identity provider and the
> >> service provider supplier? (if there is not an identity provider )
> >>
> >>
> >> this is correct?
> >>
> >> It's a Web Service exclusively for authentication, this emit the signed
> >> assertion via web service response after the client has authenticated
> >> for the web service logic, so that in following calls to the Web services
> >> business, the messages soap of the client include the assertion in the
> >> soap headers and it are not authenticated again.
> >>
> >>
> >>
> >> Thanks
> >>
> >>
> >>
> >
>
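
The flow described in the thread, as an added sketch that is not part of the original messages and is not wss4j code: an STS issues a token after checking claims, and the service then either re-validates that token on every request or opens a security context once and accepts later requests under the context's shared secret. It models client authentication only, and the HMAC-based token, the `Service` class and all names and sample values are assumptions standing in for the SOAP/XML formats.

```python
import hashlib, hmac, json, os, time

STS_KEY = os.urandom(32)            # assumption: key the STS and the service both trust
USERS = {"alice": "correct horse"}  # constructed credential store

def mac(key, *parts):
    # JSON-encode the fields so their boundaries are unambiguous before MACing
    return hmac.new(key, json.dumps(parts).encode(), hashlib.sha256).hexdigest()

def sts_issue(user, password, now=None, ttl=300):
    """STS: check the presented claims; if they are sufficient proof, issue a token."""
    known = USERS.get(user)
    if known is None or not hmac.compare_digest(known.encode(), password.encode()):
        raise PermissionError("claims rejected")
    exp = str(int((now or time.time()) + ttl))
    return {"sub": user, "exp": exp, "sig": mac(STS_KEY, user, exp)}

def validate_token(tok, now=None):
    """Service: full token check, needed on every request when there is no session."""
    good = hmac.compare_digest(tok["sig"], mac(STS_KEY, tok["sub"], tok["exp"]))
    return good and int(tok["exp"]) > (now or time.time())

class Service:
    def __init__(self):
        self.contexts = {}  # context id -> (subject, shared secret)

    def open_context(self, tok):
        """Authenticate once, then return a security context token (id + secret).
        Assumption: the reply travels over a protected channel."""
        if not validate_token(tok):
            raise PermissionError("bad token")
        ctx_id, secret = os.urandom(8).hex(), os.urandom(32)
        self.contexts[ctx_id] = (tok["sub"], secret)
        return ctx_id, secret

    def handle(self, ctx_id, body, sig):
        """Later requests carry only the context id and a MAC under its secret."""
        if ctx_id not in self.contexts:
            raise PermissionError("unknown context")
        sub, secret = self.contexts[ctx_id]
        if not hmac.compare_digest(sig, mac(secret, ctx_id, body)):
            raise PermissionError("bad signature")
        return f"{sub}: {body}"
```

The sketch omits context expiry and replay protection, which a real security session also needs.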