Message protocol for SSO
Guy Rixon
gtr at ast.cam.ac.uk
Tue Jul 6 01:18:47 PDT 2004
Hi,
I've posted the message-protocol document for the SSO profile:
http://www.ivoa.net/internal/IVOA/IvoaGridAndWebServices/SSO-msg-protocol.html
Significant changes since the original proposal:
1. The nonce is now in a wsu:Timestamp element instead of a wss:UsernameToken.
UsernameToken is maybe not so appropriate since it implies an alternative
authentication that we don't plan to support. wsu:Timestamp doesn't normally
contain wss:Nonce but is extensible (contains an Any), so can be used.
2. I've dropped SAML as an allowed type of warrant: X.509 is now the only
option. This is because I don't understand enough of SAML to pick the right
elements and SAML is a vast standard with gobbledegook documentation. If
anybody can honestly tell us the "right" SAML elements to use, then we can put
them in our profile. Otherwise, I suggest that we go with X.509 for now and
return to SAML when best practice is known (or when the O'Reilly book comes
out; post the ISBN if you know it's out already).
The PKI document is to follow today or tomorrow.
Guy Rixon gtr at ast.cam.ac.uk
Institute of Astronomy Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523
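As an added example, not part of this message or the IVOA draft it links to, here is point 1 above in code: a wsu:Timestamp carrying the nonce in its extension slot, and the freshness and replay check the receiving service would run on it. The OASIS WSS 1.0 namespace URIs, the 300 s lifetime and the 60 s clock-skew allowance are assumptions, not values from the draft.

```python
# Added example, not from the IVOA draft: a wsu:Timestamp that carries the
# nonce in its extension slot, plus the freshness/replay check a service runs.
# Assumed: OASIS WSS 1.0 namespace URIs, a 300 s lifetime, 60 s clock skew.
import base64, os
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
ET.register_namespace("wsu", WSU)
ET.register_namespace("wsse", WSSE)
FMT = "%Y-%m-%dT%H:%M:%SZ"

def build_timestamp(now, ttl=300, nonce=None):
    """Created/Expires as usual; the Nonce child sits in Timestamp's xsd:any slot."""
    nonce = os.urandom(16) if nonce is None else nonce
    ts = ET.Element(f"{{{WSU}}}Timestamp")
    ET.SubElement(ts, f"{{{WSU}}}Created").text = now.strftime(FMT)
    ET.SubElement(ts, f"{{{WSU}}}Expires").text = (now + timedelta(seconds=ttl)).strftime(FMT)
    ET.SubElement(ts, f"{{{WSSE}}}Nonce").text = base64.b64encode(nonce).decode()
    return ET.tostring(ts, encoding="unicode")

def verify_timestamp(xml_text, now, seen_nonces, max_skew=60):
    """Return (ok, reason); a nonce accepted once is recorded so a replay fails."""
    ts = ET.fromstring(xml_text)
    fields = [ts.findtext(f"{{{WSU}}}Created"), ts.findtext(f"{{{WSU}}}Expires"),
              ts.findtext(f"{{{WSSE}}}Nonce")]
    if None in fields:
        return False, "missing Created, Expires or Nonce"
    created, expires, nonce = fields
    c = datetime.strptime(created, FMT).replace(tzinfo=timezone.utc)
    e = datetime.strptime(expires, FMT).replace(tzinfo=timezone.utc)
    if c > now + timedelta(seconds=max_skew):
        return False, "Created is in the future"
    if e <= now:
        return False, "expired"
    if nonce in seen_nonces:
        return False, "replayed nonce"
    seen_nonces.add(nonce)
    return True, "ok"

def demo():
    """Fresh message accepted, same message replayed rejected, stale one rejected."""
    now = datetime(2004, 7, 6, 8, 18, 47, tzinfo=timezone.utc)  # constructed clock
    msg = build_timestamp(now, nonce=b"\x00" * 16)              # fixed nonce for repeatability
    seen = set()
    return [verify_timestamp(msg, now + timedelta(seconds=10), seen)[1],
            verify_timestamp(msg, now + timedelta(seconds=20), seen)[1],
            verify_timestamp(msg, now + timedelta(seconds=400), set())[1],
            verify_timestamp(msg, now - timedelta(seconds=120), set())[1]]
```

The check only means something when the Timestamp element lies inside the region the X.509 warrant's signature covers; an unsigned Timestamp can be swapped for a fresh one by whoever relays the message.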