RE: D-AG006 Security : Proposal for a task force for writing the Security WG Charter from Ahmed, Zahid on 2002-05-08 (www-ws-arch@w3.org from May 2002)

From: Ahmed, Zahid <zahid.ahmed@commerceone.com>
Date: Wed, 8 May 2002 12:09:08 -0700
To: www-ws-arch@w3.org
Message-ID: <C1E0143CD365A445A4417083BF6F42CC02F890B1@C1plenaexm07.commerceone.com>
>I'm really proposing a depth first approach, which is taking a 
>first cut at some specific sections, including security, in 
>the usage scenarios and requirements documents.   In my mind, 
>the key thing is to figure out the high priority areas to 
>look at. 


This process seems pretty realistic. It will also help
accelerate getting to the point of some level of 
agreement/closure of what is covered in the current 
usage scenario and reqmnts documents. 

I agree we need to identify the high priority areas by 
reviewing the current usage scenario and requirements 
documents. The earlier we shake out what's in and what's
out, the better. This effort can lead to an inital cut at
web services security requirements list that can help 
define the goals of a web services security WG. Can we
start work on security WG charter in parallel? See
below.

>Once we kick the groups off, then we continue in the 
>refinement of usage scenarios, requirements, and
>architecture.  If (when) issues come up with chartered 
>groups, then we can do course corrections. 

I'm also concerned if the usage sceanrio and requirements 
docs are consistent to one another, particularly in the 
area of web services security. If they are not consistent 
or complete, it seems to me that, for example, a security 
working group should be able to help refine the usage 
scenario to better reflect web services security model and 
requirements in the usage scenario document.

This has to be somewhat of an iterative process where the
web services security layer(s) can get rolled into overall
web servcies architecture and usage scenario document.
The concern is that if we can can't make progress on web
services security because we are wating for other layers to
be hammered out, then this is a sequential process, which
potentially is time-consuming. Hence concurrent work by 
starting up the security wg chartering effort as soon
as possible seems like a good next step.

thanks,
Zahid



-----Original Message-----
From: David Orchard [mailto:dorchard@bea.com]
Sent: Tuesday, May 07, 2002 6:55 PM
To: 'Ahmed, Zahid'; www-ws-arch@w3.org
Subject: RE: D-AG006 Security : Proposal for a task force for writing
the Security WG Charter


Zahid,

My proposal is that the Requirements document and Usage Scenario documents
do not need to be completed before chartering commence.  For example, there
is no reason why we need to complete the "service discovery" usage scenarios
before starting security wg.

I'm really proposing a depth first approach, which is taking a first cut at
some specific sections, including security, in the usage scenarios and
requirements documents.   In my mind, the key thing is to figure out the
high priority areas to look at.  Once we kick the groups off, then we
continue in the refinement of usage scenarios, requirements, and
architecture.  If (when) issues come up with chartered groups, then we can
do course corrections.   In fact, the issue was talked about yesterday at
the AC meeting - of course at my prompting ;-).  You can check the minutes
of the AC meeting, but suffice to say that the Director was supportive of
this proposed approach, though he had reservations about giving blank
cheques.

Cheers,
Dave

> -----Original Message-----
> From: www-ws-arch-request@w3.org [mailto:www-ws-arch-request@w3.org]On
> Behalf Of Ahmed, Zahid
> Sent: Tuesday, May 07, 2002 5:26 PM
> To: www-ws-arch@w3.org
> Subject: RE: D-AG006 Security : Proposal for a task force for writing
> the Security WG Charter
>
>
> Completing the Web Services Requirements and the Web
> Services Architecture Usage Scenario documents, which
> both contain security requirements and securty examples,
> in them is very important for any concrete work to be
> done by a security working group.
>
> However, we could, in parallel:
>
> 1) decide what Web Services WGs should we focus on?
> 2) define the objectives of the required W3C Web Services WGs.
> E.g., via charter templates.
>
> This is pretty much echoing what David already has
> proposed.
>
> thanks,
> Zahid
>
>
>
>
>
> -----Original Message-----
> From: Joseph Hui [mailto:Joseph.Hui@exodus.net]
> Sent: Tuesday, May 07, 2002 4:45 PM
> To: Mark Baker; Abbie Barbir
> Cc: www-ws-arch@w3.org
> Subject: RE: D-AG006 Security : Proposal for a task force for writing
> the Security WG Charter
>
>
> +1
>
> Joe Hui
> Exodus, a Cable & Wireless service
> =============================================
>
> > -----Original Message-----
> > From: Mark Baker [mailto:distobj@acm.org]
> > Sent: Tuesday, May 07, 2002 3:26 PM
> > To: Abbie Barbir
> > Cc: www-ws-arch@w3.org
> > Subject: Re: D-AG006 Security : Proposal for a task force
> for writing
> > the Security WG Charter
> >
> >
> > On Tue, May 07, 2002 at 04:00:06PM -0400, Abbie Barbir wrote:
> > > can we have a task force that write the charter for the
> Security WG.
> > > I do volunteer to be the editor for that activity.
> >
> > Shouldn't we try to at least come to concensus on security
> > requirements
> > first?  Furthermore, we should aim to (at least) come to
> concensus on
> > the "horizontal" requirements that would impact this work; Web
> > architecture, for example.
> >
> > This seems *highly* premature to me.
> >
> > MB
> > --
> > Mark Baker, Chief Science Officer, Planetfred, Inc.
> > Ottawa, Ontario, CANADA.      mbaker@planetfred.com
> > http://www.markbaker.ca   http://www.planetfred.com
> >
> >
>
>
Received on Wednesday, 8 May 2002 15:09:19 UTC