D-AC006.2 discussion points

MSFT: The W3C is not an articulator of security policies, but rather an
articulator of languages and protocols in which such policies can be
stated and by which such policies can be enforced.

SAG: More substantially, this seems awfully ambitious for a reference
architecture; we need to identify the architectural components responsible
for enforcing security policies, and perhaps set up a working group chartered
to define the mechanisms to counter and mitigate the security hazards.

SUNW: WSAWG's responsibility is not to develop these, but to outline and
scope them for a new WG to take on as a deliverable.

SYBS: I think we may come up with a model which will allow
people to establish security policies across
web service invocations, but I am not sure if we would come
up with a set of security policies to be supported
by an architecture.

W3C: See http://lists.w3.org/Archives/Public/www-ws-arch/2002May/0011.html

PF: I don't believe it is a required part of a reference architecture to
solve all identifiable security problems.  Vendors might want to
differentiate their products based on their security solutions, while
remaining interoperable with other products.

CrossWeave: I think we should provide security mechanisms for
combating threats, but should leave the policies up to implementations.

Received on Saturday, 4 May 2002 09:56:05 UTC