- From: Darran Rolls <Darran.Rolls@waveset.com>
- Date: Wed, 8 May 2002 11:00:30 -0500
- To: "Joseph Hui" <Joseph.Hui@exodus.net>, "wsawg public" <www-ws-arch@w3.org>
>> WVST: This is very vague. Security policy means a lot of different >> things. I apologize if I missed this one, but when we say >> "description" what do we mean? > >The description of a security policy. >Are you trying to tempt someone into talking [mechan]isms? :-) No, although I'm sure lively debate is a for-drawn conclusion ;-). No, just an understanding of the scope of what we mean by Security Policy. For example, this could mean a password policy for accounts created in/through the service. It could mean the policies implemented by the service provider (internally). I'm happy to let this detail come out in the proposed WG (and happy to contribute to it's definition at that time). Darran Rolls MSIM drolls_waveset@hotmail.com AIM drollswaveset YIM drolls_waveset http://www.waveset.com/ drolls@waveset.com -----Original Message----- From: Joseph Hui [mailto:Joseph.Hui@exodus.net] Sent: Wednesday, May 08, 2002 10:53 AM To: Darran Rolls; wsawg public Subject: RE: D-AR006.10 discussion points > -----Original Message----- > From: Darran Rolls [mailto:Darran.Rolls@waveset.com] > Sent: Tuesday, May 07, 2002 9:33 PM > To: wsawg public > Subject: RE: D-AR006.10 discussion points > > > On the assumption that "description" refers to WSDL, I'd like > to re ask > the CMPQ question below? > > -------------------------------------------------------- > Darran Rolls http://www.waveset.com > Waveset Technologies Inc drolls@waveset.com > (512) 657 8360 > -------------------------------------------------------- > > > -----Original Message----- > From: Christopher Ferris [mailto:chris.ferris@sun.com] > Sent: Saturday, May 04, 2002 8:59 AM > To: wsawg public > Subject: D-AR006.10 discussion points > > WVST: This is very vague. Security policy means a lot of different > things. I apologize if I missed this one, but when we say > "description" what do we mean? The description of a security policy. Are you trying to tempt someone into talking [mechan]isms? :-) > SYBS: To be discussed whether all Web Services need to have a > security policy. Discuss we may. I believe it's a foregone conclusion, which reflects the reality, that NOT "all Web Services need to have security policy." > W3C: See > http://lists.w3.org/Archives/Public/www-ws-arch/2002May/0013.html The text uses SHOULD. For those that don't need security, just say NO its sec desc. > ORCL: SHOULD->MUST, security is important enough that every WS must > have a security description, even if it is <no security> Maybe. It the WG's consensus goes along, then the upgrade will be in order. (One may argue that <no security> can be assume by default, i.e. the absense of a sec pol desc implies <no security>.) > CMPQ: Should the description of a Web Service be in the scope > of WSDL WG rather than WSA? I'd say primarily in WSDWG and secondarily in WSAWG. Recall I mentioned in the telcon the week prior to publishing the req draft that it'd be critical to get this req into the draft for the public to discuss ASAP because the adoption of the req would necessitate liason efforts between WSAWG and WSDWG specifically for this req. Joe Hui Exodus, a Cable & Wireless service
Received on Wednesday, 8 May 2002 12:01:01 UTC