RE: D-AG006 Security from Sandeep Kumar on 2002-05-09 (www-ws-arch@w3.org from May 2002)

From: Sandeep Kumar <sandkuma@cisco.com>
Date: Wed, 8 May 2002 17:33:40 -0700
To: "Anne Thomas Manes" <anne@manes.net>, "Mark Baker" <distobj@acm.org>, "Darran Rolls" <Darran.Rolls@waveset.com>
Cc: "David Orchard" <dorchard@bea.com>, "Dilber, Ayse, ALASO" <adilber@att.com>, "Joseph Hui" <Joseph.Hui@exodus.net>, "Edgar, Gerald" <gerald.edgar@boeing.com>, "Abbie Barbir" <abbieb@nortelnetworks.com>, "Allen Brown" <allenbr@microsoft.com>, <www-ws-arch@w3.org>
Message-ID: <GEEIIPGIGJHOLHFLNCJAEEOACGAA.sandkuma@cisco.com>

Anne: I fully agree with you the way you have outlined the domain
for this (to be?) proposed new WG.

I would lke to further add that ALL of these technologies MUST
be comprehensively considered by that WG as part of 1-PHASE and NOT in
phases
(as I saw some such mention in a thread).

Sandeep

-----Original Message-----
From: www-ws-arch-request@w3.org [mailto:www-ws-arch-request@w3.org]On
Behalf Of Anne Thomas Manes
Sent: Wednesday, May 08, 2002 2:29 PM
To: Mark Baker; Darran Rolls
Cc: Anne Thomas Manes; David Orchard; Dilber, Ayse, ALASO; Joseph Hui;
Edgar, Gerald; Abbie Barbir; Allen Brown; www-ws-arch@w3.org
Subject: RE: D-AG006 Security

Mark,

The problem does not already have a solution. There are a number of
standards that will be cited by this working group (XML Signature, XML
Encryption, XKMS, SAML, XACML, etc.), but there's no standard that ties
these standards to Web services and SOAP. We need a standard that defines
how to sign all or part of a SOAP message, how to represent the XML
signature in a SOAP message, how to obtain the keys necessary to decrypt the
message, how to pass credentials in a SOAP message, and how to represent
credential delegation in a SOAP message, etc., etc.. The best specification
at our disposal is IBM/Microsoft/Verisign's WS-Security, but it isn't a
standard. And it doesn't talk about how to pass SAML assertions or XACML
policies in a SOAP message. It doesn't tie in XKMS. That's why we need a
working group.

Anne

> -----Original Message-----
> From: www-ws-arch-request@w3.org [mailto:www-ws-arch-request@w3.org]On
> Behalf Of Mark Baker
> Sent: Wednesday, May 08, 2002 4:26 PM
> To: Darran Rolls
> Cc: Mark Baker; Anne Thomas Manes; David Orchard; Dilber, Ayse, ALASO;
> Joseph Hui; Edgar, Gerald; Abbie Barbir; Allen Brown; www-ws-arch@w3.org
> Subject: Re: D-AG006 Security
>
>
> On Wed, May 08, 2002 at 02:12:27PM -0500, Darran Rolls wrote:
> > Sounds like a potential part of the charter wording "ensuring reuse of
> > existing web service security standards..."
>
> That would be good too, in case we miss any.  But do we really want
> to charter a WG only to find out that the problem already has a
> solution?
>
> As I said on our very first call, I strongly believe that we don't
> have as much work to do as most WG members might believe, at least
> for some areas (not all).  I request the opportunity to demonstrate
> this.
>
> MB
> --
> Mark Baker, Chief Science Officer, Planetfred, Inc.
> Ottawa, Ontario, CANADA.      mbaker@planetfred.com
> http://www.markbaker.ca   http://www.planetfred.com
>

Received on Wednesday, 8 May 2002 20:35:04 UTC