RE: XKMS and X509v3 attributes, where to put them in?

Hi Ed,

I must admit that I am not familiar with SAML yet. Basically I am looking for a standardized way to send and receive messages to a trusted authority that is able to issue Attribute Certificates. The role information has to be included as an attribute in such ACs.

Stephen told me to use SAML but I am still not sure if it is suitable in the scenario sketched in one of my previous postings. At the moment we are thinking of a solution that uses both PKCs and ACs for authentication and authorization. We use XKMS to request and retrieve PKCs and should use SAML (?) for the same reason with ACs.

Are there any Web services available that could be used for proof-of-concept testing yet?

Regards,
Michael.


Ed Simon <edsimon@xmlsec.com> wrote:
In a Web Services context, one could look at starting with an X.509 token
and then exchanging that, through WS-Trust, for a related SAML token
containing the role information. 

Michael, Manuel, does that sound like it would suit your problem scenario?

Regards, Ed
_____________________
Ed Simon 
Principal, XMLsec Inc. 
(613) 726-9645 

Interested in XML, Web Services, or Security? Visit "http://www.xmlsec.com".


New! "Privacy Protection for E-Services" published by Idea Group (ISBN:
1-59140-914-4 for hard cover, 1-59140-915-2 for soft cover). 
Includes a chapter, by Ed Simon, on "Protecting Privacy Using XML, XACML,
and SAML".
See the Table of Contents here: "http://tinyurl.com/rukr4".

-----Original Message-----
From: www-xkms-request@w3.org [mailto:www-xkms-request@w3.org] On Behalf Of
Stephen Farrell
Sent: October 17, 2006 08:14
To: Michael Wilde
Cc: www-xkms@w3.org
Subject: Re: XKMS and X509v3 attributes, where to put them in?




Michael Wilde wrote:
> This raises the question: is there any standardized request/response 
> protocol available for the communication with an Attribute Authority yet?

SAML.

S.




 		

Received on Thursday, 19 October 2006 10:27:36 UTC