"Onion model" explained

From: Joseph Hui <Joseph.Hui@exodus.net>
Date: Wed, 10 Jul 2002 12:13:33 -0700
Message-ID: <45258A4365C6B24A9832BFE224837D551D1C90@SJDCEX01.int.exodus.net>
To: <www-ws-arch@w3.org>
Cc: <hal.lockhart@entegrity.com>

Hi all,

During today's STF telcon I took an action item to
explain in the mailing list what the "onion model"
that we sometimes referred to in the WG's security
related threads was about.

So here it goes.

The "Onion model," for the lack of a better term, is in
essence a grouping of the WSAWG sec reqs for the benefit
of prioritizing them for a phased approach in delivering
our sec solutions/standards.  (The phased approach came
about in consideration of the time-to-market factor often
recited in the WSAWG's discussions.)

The model comprises, in descending priority:

   Layer 1) Confidentiality, (Data) Integrity, Authentication;

         2) Authorization;

         3) Non-repudiation;

         4) Accessibility

         5) The remainder of the WSAWG sec requirements,
            including Auditing.

   Note that a phase may consist of one or more layers.
   E.g. the first phase may include layer 1 only, or
   layers 1 & 2, dependent upon future decisions.

Cheers,

Joe Hui
Exodus, a Cable & Wireless service
Received on Wednesday, 10 July 2002 15:13:00 GMT