Re: XKMS and X509v3 attributes, where to put them in?

Hi Michael, hi all,

I was just providing the information of our WS-oriented implementation as you were requesting info on WS implementations that can be used for a proof
of concept; regarding the use of XKMS for ACs, I agree with the answer already provided by Stephen and my colleague Manuel as part of this thread, so
I would better go for SAML as a request/response protocol to communicate with an Attribute Authority.


Best regards, Gregorio

Gregorio Martinez, PhD
University of Murcia (UMU), Spain




Michael Wilde wrote:
> Hi Gregorio,
> 
> so you mean the only chance to issue Attribute Certificates with a 
> standardized request/response protocol is the usage of an XKMS server? 
> The XKMS server would then act as a CA for ACs as well as PKCs, so the 
> specification would have to be changed, or a "special" kind of XKMS 
> service would have to be implemented. As far as I know XKMS does not 
> support issuing ACs directly.
> 
> Since we are using our own XKMS client implementation, we are interested 
> in separating the CA for ACs and the CA for PKCs to stay 
> standards-conformant and keep the interoperability with other XKMS implementations.
> 
> Furthermore I would not like to use SAML attributes for our purposes, 
> but ACs as mentioned before.
> 
> Regards,
> Michael.
> 
> 
> Gregorio Martinez <gregorio@dif.um.es> wrote:
> 
>     Hi Michael, hi all,
> 
>     you can find an open-source implementation of XKMS supporting WS
>     from our group at http://sourceforge.net/projects/xkms. For SAML, we
>     have also been doing some research and prototyping, but mostly related
>     to Network Access, so we initially avoid using WS in the design.
> 
> 
>     Kind regards, Gregorio
> 
>     Gregorio Martinez, PhD
>     University of Murcia (UMU), Spain
> 
> 
> 
>     Michael Wilde wrote:
>      > Hi Ed,
>      >
>      > I must admit that I am not familiar with SAML yet. Basically I am
>      > looking for a standardized way to send and receive messages to a
>      > trusted authority that is able to issue Attribute Certificates. The
>      > role information has to be included as an attribute in such ACs.
>      >
>      > Stephen told me to use SAML but I am still not sure if it is
>      > suitable in the scenario sketched in one of my previous postings.
>      > At the moment we are thinking of a solution that uses both PKCs and
>      > ACs for authentication and authorization. We use XKMS to request and
>      > retrieve PKCs and should use SAML (?) for the same reason with ACs.
>      >
>      > Are there any Web services available that could be used for proof of
>      > concept testings yet?
>      >
>      > Regards,
>      > Michael.
>      >
>      >
>      > Ed Simon wrote:
>      >
>      >
>      > In a Web Services context, one could look at starting with an X.509
>      > token and then exchanging that, through WS-Trust, for a related SAML
>      > token containing the role information.
>      >
>      > Michael, Manuel, does that sound like it would suit your problem
>      > scenario?
>      >
>      > Regards, Ed
>      > _____________________
>      > Ed Simon
>      > Principal, XMLsec Inc.
>      > (613) 726-9645
>      >
>      > Interested in XML, Web Services, or Security? Visit
>      > "http://www.xmlsec.com".
>      >
>      >
>      > New! "Privacy Protection for E-Services" published by Idea Group
>      > (ISBN: 1-59140-914-4 for hard cover, 1-59140-915-2 for soft cover).
>      > Includes a chapter, by Ed Simon, on "Protecting Privacy Using XML,
>      > XACML, and SAML".
>      > See the Table of Contents here: "http://tinyurl.com/rukr4".
>      >
>      > -----Original Message-----
>      > From: www-xkms-request@w3.org [mailto:www-xkms-request@w3.org] On
>      > Behalf Of Stephen Farrell
>      > Sent: October 17, 2006 08:14
>      > To: Michael Wilde
>      > Cc: www-xkms@w3.org
>      > Subject: Re: XKMS and X509v3 attributes, where to put them in?
>      >
>      >
>      >
>      >
>      > Michael Wilde wrote:
>      > > This raises the question: is there any standardized
>      > > request/response protocol available for the communication with an
>      > > Attribute Authority yet?
>      >
>      > SAML.
>      >
>      > S.
>      >
>      >
>      >
>      >
>      >
> 
> 

Received on Tuesday, 24 October 2006 13:47:38 UTC