W3C home > Mailing lists > Public > www-ws-arch@w3.org > May 2002

RE: D-AR006.10 discussion points

From: Darran Rolls <Darran.Rolls@waveset.com>
Date: Wed, 8 May 2002 11:00:30 -0500
Message-ID: <6244FCD1F88EC14BACDD2A319FD338242DC5E7@hawaii.waveset.com>
To: "Joseph Hui" <Joseph.Hui@exodus.net>, "wsawg public" <www-ws-arch@w3.org>
>> WVST: This is very vague.  Security policy means a lot of different
>> things.  I apologize if I missed this one, but when we say 
>> "description" what do we mean?
>
>The description of a security policy.
>Are you trying to tempt someone into talking [mechan]isms? :-)

No, although I'm sure lively debate is a for-drawn conclusion ;-).  

No, just an understanding of the scope of what we mean by Security Policy.  For example, this could mean a password policy for accounts created in/through the service.  It could mean the policies implemented by the service provider (internally).  I'm happy to let this detail come out in the proposed WG (and happy to contribute to it's definition at that time).

Darran Rolls  
MSIM  drolls_waveset@hotmail.com 
AIM    drollswaveset 
YIM    drolls_waveset
http://www.waveset.com/ 
drolls@waveset.com 


-----Original Message-----
From: Joseph Hui [mailto:Joseph.Hui@exodus.net] 
Sent: Wednesday, May 08, 2002 10:53 AM
To: Darran Rolls; wsawg public
Subject: RE: D-AR006.10 discussion points

> -----Original Message-----
> From: Darran Rolls [mailto:Darran.Rolls@waveset.com]
> Sent: Tuesday, May 07, 2002 9:33 PM
> To: wsawg public
> Subject: RE: D-AR006.10 discussion points
> 
> 
> On the assumption that "description" refers to WSDL, I'd like 
> to re ask
> the CMPQ question below?
> 
> --------------------------------------------------------
> Darran Rolls                      http://www.waveset.com
> Waveset Technologies Inc          drolls@waveset.com 
> (512) 657 8360                    
> --------------------------------------------------------
> 
> 
> -----Original Message-----
> From: Christopher Ferris [mailto:chris.ferris@sun.com] 
> Sent: Saturday, May 04, 2002 8:59 AM
> To: wsawg public
> Subject: D-AR006.10 discussion points
> 
> WVST: This is very vague.  Security policy means a lot of different
> things.  I apologize if I missed this one, but when we say 
> "description" what do we mean?

The description of a security policy.
Are you trying to tempt someone into talking [mechan]isms? :-)
 
> SYBS: To be discussed whether all Web Services need to have a
> security policy.

Discuss we may.
I believe it's a foregone conclusion, which reflects the
reality, that NOT "all Web Services need to have 
security policy."
 
> W3C: See
> http://lists.w3.org/Archives/Public/www-ws-arch/2002May/0013.html

The text uses SHOULD.  For those that don't need security, just
say NO its sec desc.

> ORCL: SHOULD->MUST, security is important enough that every WS must
> have a security description, even if it is <no security>

Maybe.  It the WG's consensus goes along, then the upgrade
will be in order.  (One may argue that <no security> can be
assume by default, i.e. the absense of a sec pol desc implies
<no security>.)

> CMPQ: Should the description of a Web Service be in the scope 
> of WSDL WG rather than WSA?

I'd say primarily in WSDWG and secondarily in WSAWG.
Recall I mentioned in the telcon the week prior
to publishing the req draft that it'd be critical to get this
req into the draft for the public to discuss ASAP because the
adoption of the req would necessitate liason efforts between
WSAWG and WSDWG specifically for this req.

Joe Hui
Exodus, a Cable & Wireless service
Received on Wednesday, 8 May 2002 12:01:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:24:59 GMT