<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16481" name=GENERATOR></HEAD>
<BODY
style="WORD-WRAP: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space">
<DIV dir=ltr align=left><SPAN class=468155820-10062008><FONT face=Arial
color=#0000ff size=2>Hi all,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=468155820-10062008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=468155820-10062008><FONT face=Arial
color=#0000ff size=2>Thanks for the responses.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=468155820-10062008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=468155820-10062008><FONT face=Arial
color=#0000ff size=2>At the moment I'm conducting an investigation into
ID-WSF, rather than fully implementing specific scenarios. To that effect,
I want to demo things from the relatively simple, through to the more
complex, cross-principal scenarios.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=468155820-10062008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=468155820-10062008><FONT face=Arial
color=#0000ff size=2>At the simple end of the spectrum, I want to demo a
relatively straightforward scenario of an interactive user using an SP that
needs to pull information from a Personal Profile service. I would like to test
the simple case where the PP directly releases the info, and possibly the case
where the RedirectRequest protocol is used to redirect the user from the SP to
the PP to acquire permission. Based on the responses to my earlier message, I
have got a simple demo up and running, and should be able to re-skin that for
our demo purposes.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=468155820-10062008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=468155820-10062008><FONT face=Arial
color=#0000ff size=2>In terms of a cross-principal scenario, I am thinking of
something along the lines of:</FONT></SPAN></DIV>
<OL dir=ltr>
<LI>
<DIV align=left><SPAN class=468155820-10062008><FONT face=Arial color=#0000ff
size=2>I already have a relationship with CompanyA (federated pseudonymous
nameids etc).</FONT></SPAN></DIV></LI>
<LI>
<DIV align=left><SPAN class=468155820-10062008><FONT face=Arial color=#0000ff
size=2>I SSO onto CompanyA's website and submit a
query.</FONT></SPAN></DIV></LI>
<LI>
<DIV align=left><SPAN class=468155820-10062008><FONT face=Arial color=#0000ff
size=2>Later, an employee at CompanyA wants to respond to my query using their
CRM tool, and needs my Personal Profile to find my email
address.</FONT></SPAN></DIV></LI>
<LI>
<DIV align=left><SPAN class=468155820-10062008><FONT face=Arial color=#0000ff
size=2>The CRM (SP) looks up my discovery service and locates my personal
profile service.</FONT></SPAN></DIV></LI>
<LI>
<DIV align=left><SPAN class=468155820-10062008><FONT face=Arial color=#0000ff
size=2>The CRM sends a message to my personal profile
service.</FONT></SPAN></DIV></LI>
<LI>
<DIV align=left><SPAN class=468155820-10062008><FONT face=Arial color=#0000ff
size=2>The Personal Profile service determines that I have already agreed to
release my information to CompanyA and returns my email address. Alternatively,
it may need to contact my Interaction Service to approve release of my email
address.</FONT></SPAN></DIV></LI></OL><SPAN class=468155820-10062008>
<DIV dir=ltr align=left><SPAN class=468155820-10062008><FONT face=Arial
color=#0000ff size=2>This seems to me like a case similar to the cases in the
Interaction Service specification. </FONT></SPAN><SPAN
class=468155820-10062008><FONT face=Arial color=#0000ff size=2>For this type of
scenario I have two main questions:</FONT></SPAN></DIV>
<DIV dir=ltr align=left>
<OL dir=ltr>
<LI>
<DIV><SPAN class=468155820-10062008><FONT face=Arial color=#0000ff size=2>How
does the CompanyA CRM get hold of my Discovery Service? Does it capture this
information when I federate my accounts, and then use either the NameID
mapping service or SSOS service of my IdP to get the appropriate tokens
for my discovery service when it needs to ask the
DS?</FONT></SPAN></DIV></LI>
<LI>
<DIV><SPAN class=468155820-10062008><FONT face=Arial color=#0000ff size=2>In
step 5 (CRM sends a request to the Personal Profile), who would be the
"RequestingPrincipal"? I see two options:</FONT></SPAN></DIV></LI>
<OL>
<LI>
<DIV><SPAN class=468155820-10062008><FONT face=Arial color=#0000ff size=2>A
principal representing CompanyA (or perhaps CompanyA's CRM). This would
allow me to grant access to my email to CompanyA, and not worry about
changes in the CRM user group. Since I may deal with many people from the
CRM user group in subsequent interactions with CompanyA, this approach would
simplify my burden of granting access.</FONT></SPAN></DIV></LI>
<LI>
<DIV><SPAN class=468155820-10062008><FONT face=Arial color=#0000ff
size=2>The principal representing the CRM user. Perhaps the Personal Profile
can use SAML attributes in the RequestingPrincipal's assertion to determine
whether to grant access. However, this would make the policy enforcement at
the Personal Profile service fairly complex - it would need to know
what attribute statements to expect, and these could possibly be different
between different IdPs. Note that this approach would be perfect if I had a
specific account manager, but I'm thinking more of a generic consumer case,
where I might be a customer of Amazon.com and not have a specific person
looking after my account.</FONT></SPAN></DIV></LI></OL></OL></DIV>
<DIV dir=ltr><SPAN class=468155820-10062008></SPAN><SPAN
class=468155820-10062008><FONT face=Arial color=#0000ff size=2>Question 2 is
more conceptual than technical, but it would be interesting to get your
thoughts.</FONT></SPAN></DIV>
<DIV dir=ltr><SPAN class=468155820-10062008><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr><SPAN class=468155820-10062008><FONT face=Arial color=#0000ff
size=2>Thanks,</FONT></SPAN></DIV>
<DIV dir=ltr><SPAN class=468155820-10062008><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr><SPAN class=468155820-10062008><FONT face=Arial color=#0000ff
size=2>Brett</FONT></SPAN></DIV>
<DIV dir=ltr><SPAN class=468155820-10062008><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr><SPAN class=468155820-10062008><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV></SPAN>
<DIV dir=ltr align=left>
<HR tabIndex=-1>
</DIV>
<DIV dir=ltr align=left><FONT face=Tahoma size=2><B>From:</B> Asa Hardcastle
[mailto:asa.openliberty@zenn.net] <BR><B>Sent:</B> Thursday, 5 June 2008 1:50
p.m.<BR><B>To:</B> Brett Beaumont<BR><B>Cc:</B>
Wsf-dev@lists.openliberty.org<BR><B>Subject:</B> Re: [wsf-dev] ID-WSF newbie
questions<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV apple-content-edited="true"><SPAN class=Apple-style-span
style="WORD-SPACING: 0px; FONT: 12px Verdana; TEXT-TRANSFORM: none; COLOR: rgb(0,0,0); TEXT-INDENT: 0px; WHITE-SPACE: normal; LETTER-SPACING: normal; BORDER-COLLAPSE: separate; orphans: 2; widows: 2; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0">
<DIV
style="WORD-WRAP: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space">
<DIV>
<DIV>Hi Brett,</DIV></DIV></DIV></SPAN></DIV>
<DIV apple-content-edited="true"><SPAN class=Apple-style-span
style="WORD-SPACING: 0px; FONT: 12px Verdana; TEXT-TRANSFORM: none; COLOR: rgb(0,0,0); TEXT-INDENT: 0px; WHITE-SPACE: normal; LETTER-SPACING: normal; BORDER-COLLAPSE: separate; orphans: 2; widows: 2; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0">
<DIV
style="WORD-WRAP: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space">
<DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT><FONT face=Arial color=#0000ff
size=2></FONT><BR></DIV></DIV></DIV></SPAN></DIV>
<DIV>
<BLOCKQUOTE type="cite">
<DIV>
<UL>
<LI><SPAN class=252542623-04062008><FONT face=Arial size=2>Can anyone
direct me to use cases implemented using
ID-WSF?</FONT></SPAN></LI></UL></DIV></BLOCKQUOTE>
<DIV><A
href="http://www.projectliberty.org/liberty/resource_center/case_studies">http://www.projectliberty.org/liberty/resource_center/case_studies</A>
(the location Conor referenced)</DIV><BR>
<BLOCKQUOTE type="cite">
<DIV>
<UL>
<LI><SPAN class=252542623-04062008><FONT face=Arial size=2>Can anyone
provide any information about server-side implementations of ID-WSF (i.e.
Discovery Service, IdP, etc. under either 1.1 or 2.0) and what their
experience has been?</FONT></SPAN></LI></UL></DIV></BLOCKQUOTE>
<DIV>Symlabs has a feature complete and interoperable (conformance tested and
approved) server (IdP, DS, AS, PP, PS, ID-DAP, etc etc). My experience
with it has been excellent. I test the OpenLiberty ID-WSF 2.0 Client
Library against both Conor's toolkit and Symlabs FIS.</DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT><FONT face=Arial color=#0000ff
size=2></FONT><BR></DIV><A
href="http://symlabs.com/products/federated-identity-suite">http://symlabs.com/products/federated-identity-suite</A></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT><FONT face=Arial color=#0000ff
size=2></FONT><BR></DIV>
<DIV>
<BLOCKQUOTE type="cite">
<DIV>
<UL>
<LI><SPAN class=Apple-style-span style="-webkit-text-stroke-width: -1">Has
anybody used the Conor Cahill server toolkit? It mentions that the
implementation is limited, but I wonder if this is complete enough for
prototyping purposes. I also see that the OpenLibertyJ client library
appears to have been tested against this
server.</SPAN></LI></UL></DIV></BLOCKQUOTE>
<DIV>Yes. Not only appears, but has been tested against. I have found it
great for prototyping, and recently built a partial implementation of a personal
profile service using Conor's toolkit. </DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT><FONT face=Arial color=#0000ff
size=2></FONT><BR></DIV>
<DIV>Can you share anything about your use case?</DIV>
<DIV><BR></DIV>
<DIV>talk later,</DIV>
<DIV><BR></DIV>
<DIV>asa</DIV>
<DIV><BR></DIV>
<DIV><BR></DIV>
<DIV>
<DIV
style="WORD-WRAP: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space">
<DIV>
<DIV>--</DIV>
<DIV>Asa Hardcastle, Technical Lead, openLiberty ID-WSF ClientLib</DIV>
<DIV>Tel: +1.413.429.1044 Skype: subsystem7</DIV>
<DIV><BR></DIV></DIV></DIV></DIV></DIV></BODY></HTML>