W3C home > Mailing lists > Public > public-ws-policy@w3.org > September 2006

Issue 3708 - Update security considerations section of Framework to include discussion of XML Signature use as well as additional security considerations from Primer

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Wed, 13 Sep 2006 08:03:58 -0700
Message-Id: <15456598-728A-4E5C-9C4B-2280ADC8BC50@nokia.com>
Cc: Hirsch Frederick <frederick.hirsch@nokia.com>
To: public-ws-policy@w3.org

Issue 3708 - <http://www.w3.org/Bugs/Public/show_bug.cgi?id=3708>

Description - Update security considerations section of Framework to  
include discussion of XML Signature use as well as additional  
security considerations from Primer

Justification - Core document should include informative Securiity  
Considerations section. Integrity protection and source  
authentication provided by XML Signature in non-messaging context  
should be included as consideration.

Target - WS-Policy Framework [1]

Proposal:

1) Add sentence at end of current section 5 (Security Considerations):

Policies may be signed using XML Signature to provide integrity  
protection and origin authentication, especially in contexts where  
message security is not appropriate.

2) Incorporate  security considerations listed in contributed primer  
into Framework document. See Appendix A in PDF referenced in
<http://lists.w3.org/Archives/Public/public-ws-policy/2006Jul/0001>

Test: review of section

[1] <http://dev.w3.org/cvsweb/~checkout~/2006/ws/policy/ws-policy- 
framework.html?content-type=text/html;%20charset=utf-8>

regards, Frederick

Frederick Hirsch
Nokia
Received on Wednesday, 13 September 2006 15:10:33 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:20:41 GMT