Hi Nate, Could you elaborate a little on where you think Liberty ID-WSF might integrate into the protocol stack? Or maybe another way to put this is: What components of Liberty ID-WSF (which is huge!) do you think are relevant here? If Shibboleth chooses to align with Liberty, I think that's fine, but it's not at all clear to me how this impacts the Grid, and hence my questions above. Speaking as a Globus developer, Liberty ID-WSF in Globus Toolkit (if that's what you're proposing) will be a hard sell since 1) Globus has already made significant investments in WS-Security and WS-SecureConversation, and 2) ID-WSF may be incompatible with WSRF (in their use of WS-Addressing, in particular). If you can shed any light on this issue, that would be great. Thanks, Tom Scavo NCSA On 2/26/07, Nate Klingenstein <ndk@internet2.edu> wrote:
Everyone,
I mentioned on the call today that the Liberty Alliance effort has defined ID-WSF, a web services framework for identity management functions that may be useful to OGSA. It allows for fairly powerful identity management and integrates well with SAML and others.
http://www.projectliberty.org/resource_center/specifications/ liberty_alliance_id_wsf_2_0_specifications
I think it's also worth taking some time to analyze WS-Trust, a specification that intends to generalize security token exchange.
http://www-128.ibm.com/developerworks/library/specification/ws-trust/
I'll just set these out for informational purposes right now without making any particular recommendations. These could both feed into profiling efforts surrounding WS-Security and WS-SecureConversation. As you read this, I'd ask you to please keep a mental distinction between protocol and token format.
Thanks for your time, Nate.
-- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg