Difference between revisions of "CLARIN/Security for web services"

From PDP/Grid Wiki
(edit summary: more clarity in lay-out; 92 intermediate revisions by 2 users not shown)

Lines present only in the older revision:

* [http://www.isocat.org/ ISOcat] registry
* [http://www.clarin.eu/cmdi CMDI], component metadata infrastructure
* [http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss OASIS Web Services Security] (replaced by the expanded entry in the newer revision)
* [http://tools.ietf.org/html/draft-ietf-oauth-v2-10 OAuth 2.0] (replaced by the expanded entry in the newer revision)
* [http://www.surfnet.nl/nl/Thema/SURFfederatie/diensten/Pages/ SURFfederatie diensten] (URL changed in the newer revision)

Newer revision:

{{CLARIN}}
'''This page has been superseded by a [[Media:Clarin-security_for_web_services-research-report010.pdf|report]].''' <br />
A conclusion was to look into [[CLARIN/OAuth2|OAuth2]], which is being looked at [[CLARIN/OAuth2|here]].

----

Notes after the report was finished:
* [https://forge.switch.ch/redmine/projects/sts/wiki/Wiki EMI STS] is a new contender, but uses SAML ECP, which not many IdPs support

== Links ==

=== Standards ===
* [http://kantarainitiative.org/confluence/display/uma/UMA+Explained User Managed Access] (UMA) has some overlap with this work; [http://www.ietf.org/mail-archive/web/oauth/current/msg08556.html seems to be] useful for person-to-person sharing
* [http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss OASIS Web Services Security]: [http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-errata-os-SOAPMessageSecurity.pdf WS-Security], [http://www.oasis-open.org/committees/download.php/16782/wss-v1.1-spec-os-UsernameTokenProfile.pdf username], [http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-errata-os-x509TokenProfile.pdf X.509], [http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-errata-os-SAMLTokenProfile.pdf SAML]
* [https://datatracker.ietf.org/doc/draft-ietf-kitten-sasl-saml/ A SASL and GSS-API Mechanism for SAML], uses a base64-encoded SAML request in the URL
* [http://download.oracle.com/docs/cd/E17802_01/webservices/webservices/reference/tutorials/wsit/doc/WSIT_Security4.html ways to use SAML] (and [http://download.oracle.com/docs/cd/E17802_01/webservices/webservices/docs/1.6/tutorial/doc/XWS-SecuritySamples7.html#wp580431 SAML interop scenarios])
* [http://tools.ietf.org/html/draft-ietf-oauth-v2-10 OAuth 2.0], and [http://iiw.idcommons.net/SAML_Profiles_for_OAuth with SAML assertions]

=== Libraries ===
* [http://www.rediris.es/oauth2/ OAuth 2 assertion profile library]
* Shibboleth [https://wiki.shibboleth.net/confluence/display/SHIB2/ECP ECP] [https://spaces.internet2.edu/display/ShibuPortal/IdPDelegationExtension IdP delegation], [https://forge.switch.ch/redmine/projects/idwsfecp/wiki web-service client], and [https://spaces.internet2.edu/display/ShibuPortal/Configuring+Shibboleth+Delegation+for+a+Portal configuring it].

=== Federations ===
* [http://www.geant.net/Services/EndUserApplicationServices/Pages/eduGAIN.aspx eduGAIN]
* [http://code.google.com/apis/opensocial/ OpenSocial]
* [http://www.surfnet.nl/nl/Thema/SURFfederatie/diensten/ SURFfederatie diensten]

=== Other ===
* [http://saml.xml.org/forum/n-tier-usage-of-saml-in-the-backend N-tier usage of SAML in the backend]
* [http://www.omg.org/news/meetings/workshops/Web_Services_USA_Manual/02-3_K_Smith.pdf Similar project] in the US Department of Defense
* [http://portabilitypolicy.org/ Data portability], and [http://dataportability.org/ blog]
* OAuth 2 uses bearer tokens and lacks signatures, which [http://hueniverse.com/2010/09/oauth-2-0-without-signatures-is-bad-for-the-web/ may become a problem].
* Nice [http://davidlyness.com/post/twitter-oauth OAuth 1] and [http://www.independentid.com/2011/03/oauth-flows-extended.html OAuth 2] diagrams
* [http://profsandhu.com/zhang/pub/sacmat11-xdauth.pdf xDAuth]
* [http://contentdm.lib.byu.edu/ETD/image/etd2515.pdf SimpleAuth]: adaptation of OpenID to support delegation (though this might be something entirely different)
* [http://ndg-security.ceda.ac.uk/wiki/MashMyData MashMyData security model]

Latest revision as of 11:28, 26 February 2013
