- From: Cutler, Roger (RogerCutler) <RogerCutler@chevrontexaco.com>
- Date: Wed, 1 Oct 2003 08:59:53 -0500
- To: "Christopher B Ferris" <chrisfer@us.ibm.com>
- Cc: www-ws-arch@w3.org, www-ws-arch-request@w3.org
I have tried to site the standards body when I know them, but in a lot of cases I don't. Could you fill me in? I'll try to add the specs you list below, although it would be REALLY helpful if you could help me with descriptions of what they are. -----Original Message----- From: Christopher B Ferris [mailto:chrisfer@us.ibm.com] Sent: Wednesday, October 01, 2003 7:51 AM To: Cutler, Roger (RogerCutler) Cc: www-ws-arch@w3.org; www-ws-arch-request@w3.org Subject: Re: Standards Descriptions Roger, Some comments below. In general, I think that you should explicitly cite the standards body (if any) for each developing standard. Missing from this list is WSRP which was recently adopted as an OASIS standard http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wsrp Also missing are ebMS, ebCPPA and more recently ebBPSS all at OASIS. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ebxml-msg http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ebxml-cppa http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ebxml-bp In the category of WS-TX and C and WS-CAF, there is also BTP http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=business-tran saction And finally (for this email anyway) WSDM, also at OASIS and co-chaired by our own Heather Kreger. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wsdm Cheers, Christopher Ferris STSM, Emerging e-business Industry Architecture email: chrisfer@us.ibm.com phone: +1 508 234 3624 www-ws-arch-request@w3.org wrote on 09/30/2003 06:00:30 PM: <snip/> > SOAP - Basic messaging spec for Web services. SOAP 1.1 has been very > widely implemented and is part of the WS-I Basic Profile Version 1.0. SOAP 1.2 > is being developed in the W3C and is in the latter stages of the > process. It does not seem likely that SOAP 1.2 will be particularly > controversial and major vendors will probably implement it quickly > once it becomes a recommendation. SOAP1.2 *is* a W3C REC as of this past June. http://www.w3.org/TR/#Recommendations > WSDL - Basic Web services description spec. WSDL 1.1 has been very > widely implemented and is part of the WS-I Basic Profile Version 1.0. WSDL 1.2 > is being developed in the W3C and is in a "middle" stage of the > process. There does not seem to be any particular competition to > WSDL 1.2 in other standards organizations and major vendors will > probably implement it quickly once it becomes a recommendation > (which will take a while). Actually, I would put DAML-S in roughly the same category as WSDL but in the SWS camp. http://www.daml.org/services/daml-s/0.9/daml-s.html > UDDI (Universal Description, Discovery, and Integration)- Web > services registry. Version 2 adopted 4/2003 has been implemented by > a number of vendors. Version 3, under development, includes new > features like federation, which should allow communication between > locally customized servers. Implementation of UDDI on the internet > has stalled but there is widespread interest in using UDDI in > corporate intranets. UDDI v3 is being developed at OASIS. I would add this factoid to the description. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=uddi-spec > ebXML Registry Services - - ebeXML registry, provides function along > lines similar to UDDI. Version 2 adopted 12/2001. See also the ebXML > Registry Information Model Also at OASIS. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=regrep <snip/> > WS-Security - Construct secure SOAP message exchanges, including > provision for multiple security tokens for authorization and > authentication, multiple trust domains, multiple encryption > technologies and end-to-end message-level security (not just > transport-level security). Out of scope: multiple message exchanges, > key exchange, establishing and maintaining trust. WS-Security > defines two core capabilities: 1- how to use XML-Signature and XML- > Encryption with SOAP messaging. It specifies how to pass signatures > and key information in a SOAP header. 2- how to pass security tokens > with a SOAP message. WS-Security supports a variety of security > tokens (each defined by its own binding specification), such as > userid/password, X.509 certificates, Kerberos tickets, and SAML > tokens. The WS-Security TC is just starting in OASIS, but major > vendors (MS, IBM) have already implemented the submitted spec. Actually, the OASIS TC just adopted a Committee Spec status for the core spec and two of the profiles (user password and x509 certs) and is in the middle of the public review period prior to submission to OASIS membership for consideration as an OASIS Standard. Also, WS-I is developing its Basic Security Profile 1.0 using WSS and the first two profiles as its foundation. > SAML - Security Assertion Markup Language. Exchanging authorization > and authentication information. Version 1.0 finalized 11/2002. SAML > defines three core capabilities: 1- how to represent security tokens > in XML. These tokens are called assertions, and SAML defines three > types of assertions -- authentication, authorization, and > attributes. (attributes provide qualifying information that > constrain the other assertions -- such as spending limits or timing > constraints). An assertion is made by some type of trust authority. > 2- a process model for obtaining security tokens from a trust > authority. This includes a set of protocols for accessing a trust > authority. SAML defines two types of trust authorities: Policy > Decision Points (PDPs) and Policy Enforcement Points (PEPs). SAML > has defined bindings for multiple protocols, including SOAP/WSDL. 3- > a set of protocol bindings for conveying SAML tokens. SAML 1.1 > defines how to pass SAML tokens for browser applications. It does > not define bindings for how to pass SAML tokens in SOAP messages -- > that is left to WS-Security. It appears that this spec may be > getting some real traction in terms of practical implementations. > See, for example, this auto industry implementation. SAMLv1.1 was recently adopted as an OASIS Standard (02-sept-2003) <snip/>
Received on Wednesday, 1 October 2003 10:00:51 UTC