W3C home > Mailing lists > Public > www-ws-arch@w3.org > May 2002

Re: AC006.2: Web Services Security Policies

From: Timothy N. Jones <tim@crossweave.com>
Date: Fri, 3 May 2002 10:43:35 -0700 (PDT)
Message-ID: <12975584.1020447815446.JavaMail.tomcat@linux>
To: Hugo Haas <hugo@w3.org>
Cc: www-ws-arch@w3.org

I am also confused about the role of policies in the architecture.  

The mental model I have is that the architecture specifies the threat model,
the security technology provides the mechanisms to combat the identified
threats, and particular services provide the policies that utilize and
coordinate the mechanisms in particular contexts.

Tim

> Rereading AC006.1, AC006.2 and AC006.3, I am not sure I understand
> what Web Services Security Policies are.
> AC006.2 seems like an intermediary step for achieving AC006.3. Is it
> necessary? How is it related to "security policy" in D-AR006.10.
> Sorry to be going over that again, but it is not crystal-clear to me.
> Thanks.
> Regards,
> Hugo
> -- 
> Hugo Haas - W3C
> mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ - tel:+1-617-452-2092
Received on Friday, 3 May 2002 13:44:11 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:24:59 GMT