Hi,
I've uplaoded to the GWS-WG wiki wprking draft v0.2 of the authentication-mechanisms standard (this is the document previously called "message protocols"). This captures (I hope!) what we agreed at Kyoto and reaffirmed in Spain, and adds a lot of rather dry but necessary detail that I picked up during protoyping.
There are a few unresolved points on which I'd appreciate guidance. And feel free to rubbish the whole thing if you think I've got it wrong. :)
I'm working on a prototype implementation in Java. I hope to have it going for demonstration in Victoria. if anybody can cook up a second, interoperable prototype, then we will finally be clear to go to PR.
In respect of prototyping, beware! We have agreed to use Globus-style certificate chains (RFC3820 and dicussed in my document). Very few current implementations of WS-Security actual implement RFC3820. Most implementations choke on RFC3820 certificate-chains, producing unhelpful messages. Therefore, you need to add code at a low level when constructing a prototype out of 3rd-party components.
Cheers,
Guy
Guy Rixon gtr-at-ast.cam.ac.uk Institute of Astronomy Tel: +44-1223-337542 Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523Received on 2006-04-10Z21:08:06