W3C home > Mailing lists > Public > www-ws-arch@w3.org > May 2002

RE: AC006.1: Threat model [..] for Web service endpoints and their communication

From: Joseph Hui <jhui@digisle.net>
Date: Thu, 2 May 2002 17:47:01 -0700
Message-ID: <C153D39717E5F444B81E7B85018A460B06685953@ex-sj-5.digisle.com>
To: "Hugo Haas" <hugo@w3.org>, <www-ws-arch@w3.org>
> -----Original Message-----
> From: Hugo Haas [mailto:hugo@w3.org]
> Sent: Thursday, May 02, 2002 12:13 PM
> To: www-ws-arch@w3.org
> Subject: AC006.1: Threat model [..] for Web service endpoints 
> and their
> communication
> 
> 
> AC006.1 reads:
> 
> | AC006.1 The construction of a Web Services Threat Model based on
> | thorough analysis of existing and foreseeable threats to Web service
> | endpoints and their communication.
> 
> Is the threat model consideration is limited to endpoints and their
> communication? 

Pretty much so.  (You may want to refer to the WS Threat Model I
wrote in a previous msg prior to the F2F.  I didn't get around to finish
it, but the gist is there.)

> What is the implication of this?

The world will have well secured web services, along with fresh air
and clean water, mom and apple pie, ...  :-).

> What about security in say a registry of services?

If the registry manifests itself as a web service endpoint,
then it's covered.

Cheers,

Joe Hui
Exodus, a Cable & Wireless service
===============================================================
> 
> Regards,
> 
> Hugo
> 
> -- 
> Hugo Haas - W3C
> mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ - 
> tel:+1-617-452-2092
> 
> 
Received on Thursday, 2 May 2002 20:47:08 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:24:59 GMT