W3C home > Mailing lists > Public > www-ws-arch@w3.org > January 2004

Re: Abbie's security section

From: Hugo Haas <hugo@w3.org>
Date: Tue, 20 Jan 2004 15:55:48 +0100
To: Francis McCabe <frankmccabe@mac.com>
Cc: www-ws-arch@w3.org
Message-ID: <20040120145548.GI2419@w3.org>
* Francis McCabe <frankmccabe@mac.com> [2004-01-18 12:40-0800]
> I have added Abbie's draft stakeholder section on security to the doc.  
> For the moment, the existing one is there also -- to allow a  
> comparison.

Here are some comments on the $Date: 2004/01/19 17:43:27 $ version:

It would be clearer IMO if the sections " HTTPS/SSL" and
" Other Technologies" were called " Transport-level
security" and " Message-level security" to emphasize the

In, I would replace:

| In contrast with HTTPS/SSL, the security protocols offered by
| WS-Security and ebXML messaging are at the message level, achieved by
| extensions to the SOAP headers.


  In contrast with the transport-level security provided by HTTPS/SSL,
  SOAP extensions can be used to provide message-level security, such
  as the Web Services Security: SOAP Message Security specification.

Rationale: highlights the difference of security level, references
community effort around it.

I'll be happy to make those changes if there is no pushback.

Also, I think that "3.4.4 Trust and Discovery" could benefit from a
few words about federation. I remember that Abbie didn't want to
develop it too much, but a few words about it here may not hurt.




Hugo Haas - W3C
mailto:hugo@w3.org - http://www.w3.org/People/Hugo/

Received on Tuesday, 20 January 2004 09:55:49 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:41:10 UTC