
RE: ACTION-196

From: Doyle, Bill <wdoyle@mitre.org>
Date: Thu, 12 Apr 2007 15:16:27 -0400
Message-ID: <518C60F36D5DBC489E91563736BA4B58016919D0@IMCSRV5.MITRE.ORG>
To: "Chuck Wade" <Chuck@Interisle.net>, <public-wsc-wg@w3.org>

Chuck,
 
This is the text that I asked to be added to "Available Security
Context" section of the note. 
 
We needed something; this still has its issues.
 
B
 

Web Server / Application Security


The Web Server and User Agent must negotiate a configuration that is
mutually acceptable as noted in the User Agent section. Application
security adds additional safeguards in addition to transport layer
security (HTTPS). Application security can provide additional security
context in order to maintain session security or enhance web server
security to ensure that user data is private and secure from both
external and internal attacks.

Connection Security 

*	User Agent / Web Server config - connection (e.g. HTTP protocol
used in a secure mode) 
*	Acceptable Ciphers negotiated 
*	Certificate Authentication (verify the client cert) 

Hosted Application Security 

*	Authentication Robustness 

	*	Additional fields/services used by the web server to
verify the user's authenticity

		*	Password customization
		*	Tokens, Biometrics

 
 
Received on Thursday, 12 April 2007 19:14:16 GMT
