W3C home > Mailing lists > Public > public-ws-addressing@w3.org > March 2005

RE: Proposing a wsa:Security element

From: Ashok Malhotra <ashok.malhotra@oracle.com>
Date: Mon, 14 Mar 2005 12:33:01 -0800
To: Marc Hadley <Marc.Hadley@Sun.COM>
CC: Hugo Haas <hugo@w3.org>, public-ws-addressing@w3.org, Rich Salz <rsalz@datapower.com>
Message-ID: <20050314123301544.00000000648@amalhotr-pc>

> Did you have another group in mind ? 
There has been talk about starting a Policy WG.

> IMO we are defining 
> addressing and we should also be defining how to secure the 
> addressing information. 

I think securing the addressing information has a lot in common
woth securing other kinds of information and is orthogonal to
the real concerns of the WS-Addressing WG.

All the best, Ashok
 

> -----Original Message-----
> From: Marc.Hadley@Sun.COM [mailto:Marc.Hadley@Sun.COM] On 
> Behalf Of Marc Hadley
> Sent: Monday, March 14, 2005 11:59 AM
> To: Ashok Malhotra
> Cc: Hugo Haas; public-ws-addressing@w3.org; Rich Salz
> Subject: Re: Proposing a wsa:Security element
> 
> On Mar 14, 2005, at 11:17 AM, Ashok Malhotra wrote:
> >
> > In my view, all the security information shd be collected 
> together and 
> > shd go in the policy sub-bucket of the metadata bucket.  
> But there are 
> > many subtleties here depending on which direction the message is 
> > flowing etc.
> >
> > I suggest that the WS-Addressing WG not attempt to solve 
> this problem.
> > The existence of a metadata bucket(in place or by 
> reference) is fine.
> > The details shd be left to another WG.
> >
> Did you have another group in mind ? IMO we are defining 
> addressing and we should also be defining how to secure the 
> addressing information. 
> I'm strongly opposed to this group failing to adequately 
> address the security implications of our specification so 
> users have to wait for another WG (in say WS-I) to provide 
> the necessary information to get secure interoperability.
> 
> Marc.
> 
> >
> >> -----Original Message-----
> >> From: public-ws-addressing-request@w3.org
> >> [mailto:public-ws-addresspendiing-request@w3.org] On 
> Behalf Of Rich 
> >> Salz
> >> Sent: Monday, March 14, 2005 7:31 AM
> >> To: Hugo Haas
> >> Cc: public-ws-addressing@w3.org
> >> Subject: Re: Proposing a wsa:Security element
> >>
> >>
> >>> Couldn't such information go in the [metadata] bucket? It
> >> seems that
> >>> we added it for things just like that.
> >>
> >> Perhaps.  If you see my longer note about "trust model,"
> >> you'll see that we need a way to aggregate a bunch of security 
> >> information, and make sure it ends up in a WS-Security 
> element.  This 
> >> may be different from other security information that just 
> needs to 
> >> be used between the client and the epr minter (which,  I 
> know, if out 
> >> of scope; out security model should support some kind of 
> interaction 
> >> there, however).
> >>
> >> Yes, a wsa:Security can go into the metadata bucket.  But 
> saying that 
> >> all or any ds:Signature, wsse:SecurityTokenReference, 
> etc., elements 
> >> get the kind of binding I propsed for wsa:Security, is a mistake.
> >>
> >> 	/r$
> >>
> >> --
> >> Rich Salz, Chief Security Architect
> >> DataPower Technology
> >> http://www.datapower.com
> >> XS40 XML Security Gateway
> >> http://www.datapower.com/products/xs40.html
> >>
> >>
> >>
> >
> >
> >
> ---
> Marc Hadley <marc.hadley at sun.com>
> Web Technologies and Standards, Sun Microsystems.
> 
> 
> 
Received on Monday, 14 March 2005 20:34:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:35:04 GMT