W3C home > Mailing lists > Public > public-ws-addressing@w3.org > March 2005

RE: trust model and epr security

From: Rich Salz <rsalz@datapower.com>
Date: Sun, 13 Mar 2005 10:56:23 -0500 (EST)
To: "Srinivas, Davanum M" <Davanum.Srinivas@ca.com>
cc: "public-ws-addressing@w3.org" <public-ws-addressing@w3.org>
Message-ID: <Pine.LNX.4.44L0.0503131052190.7054-100000@smtp.datapower.com>

> Question #1: If we add the wsa:Security, will it make it automatically
> usable with current toolkits? (or) will it just show everyone how to
> implement this (if they read our spec and make changes to their existing
> toolkits)?

It will make the simple things -- signature validation, for example --
much more likely to "just work."  I do not have a lot of experience with a
wide variety of WS-Security toolkits (some folks consider us competition
:), but I have seen some that assume that *all* security work is in the
WS-Security header.

It will *not* make the trust issues -- the thing I mentioned as the "key
paragraph" automatic.

> Question #2: Are there changes we can make that will make this scenario
> work with existing toolkits? (i guess not, if it were you would not have
> had to write this long email. right? :)

I don't know of any toolkit that "just does this."  I'm not sure
it's possible.  Even if there were, however, I think it's worthwhile
for this WG to understand some of the issues involved, as most of the
people here aren't actively involved in that part of things, as far as
I can tell.

At the risk of hubris, I'd really like to see what I wrote become
the basis of something official that comes out of this WG.

        /r$

-- 
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
Received on Sunday, 13 March 2005 15:56:26 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:35:04 GMT