W3C home > Mailing lists > Public > www-ws-arch@w3.org > May 2002

D-AR006.7 discussion points

From: Christopher Ferris <chris.ferris@sun.com>
Date: Sat, 04 May 2002 09:56:35 -0400
Message-ID: <3CD3E893.3000500@sun.com>
To: "'www-ws-arch@w3.org'" <www-ws-arch@w3.org>
MSFT: To begin with, this should be called out as at a different level of
abstraction than the first 4 architecturral requirements. In addition,
this is just a web service, of which there will be many alternatives.

INTEL: Need some explanation about using Public Key Encryption (PKE), and not using
PKI. Also, the requirement should have been independent of any specific
technology such as PKE.

SYBS: Is it in the charter to identify at such fine grain technologies
to be used in Web Services

W3C: See http://lists.w3.org/Archives/Public/www-ws-arch/2002May/0019.html

PF: I believe it sufficient that we say that public keys should be used.
That is very different than saying that PKI should be used.  The use
of public keys does not require PKI.

CrossWeave: This implies an implementation of authentication, integrity, and/or
confidentiality.  We shouldn't be prescribing implementations.

ATT: AT&T suggests to replace the word "include" with "INTEROPERABLE" so
it reads: The security framework must INTEROPERATE with Key Management,
pertaining to PKE and KDC
Received on Saturday, 4 May 2002 09:58:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:24:59 GMT