W3C home > Mailing lists > Public > www-ws@w3.org > March 2002

RE: Security?

From: Michele Costabile <mico@zucchetti.com>
Date: Tue, 5 Mar 2002 04:31:52 -0500 (EST)
To: "Henrik Frystyk Nielsen" <henrikn@microsoft.com>, "Anne Thomas Manes" <anne@manes.net>, <www-ws@w3.org>
Message-ID: <BAEFLENCGOPABJGCAMEMCECGCMAA.mico@zucchetti.com>
I think I need a clarification.
Most security schemes I have seen lately (an ten are invented every hour)
use SOAP headers in some way and some level of cryptography.
All of the SOAP services that will be offered for a fee will have some
schema of licensing, i.e. will tweak SOAP headers.
SOAP headers are not described in WSDL.
I think we need at least a way to express
i) which headers should be there
ii) the two or three more commmon semantics of headers, like someHeader1 is
a kerberos ticket while header thatHeader is a user login
iii) an extension mechanism for everything else.

If WS-Arch steers too clear of defining mechanisms we will lose the ability
of dynamic configuration for all the web services not offered for free.


> -----Original Message-----
> From: Henrik Frystyk Nielsen [mailto:henrikn@microsoft.com]
> Sent: venerdi 15 febbraio 2002 18.23
> To: Anne Thomas Manes; Michele Costabile; www-ws@w3.org
> Subject: RE: Security?
>
>
>
> As a friendly amendment, while it is certainly within the scope [1] of
> the WS-Arch WG to consider security and licensing, it doesn't seem to be
> within its scope to actually define such mechanisms.
>
> Henrik
>
> [1] http://www.w3.org/2002/01/ws-arch-charter
>
> >No formal activity is underway at this time to standardize WS
> >Security protocols. We just recently formed the Web Services
> >Architecture Working Group, and one of the goals of this group
> >is to address security. See http://www.w3.org/2002/01/ws-arch-charter
> >
> >Best regards,
> >
> >Anne Thomas Manes
> >CTO, Systinet
> >www.systinet.com
> >
> >> -----Original Message-----
> >> From: www-ws-request@w3.org [mailto:www-ws-request@w3.org]On
> >Behalf Of
> >> Michele Costabile
> >> Sent: Friday, February 15, 2002 11:37 AM
> >> To: www-ws@w3.org
> >> Subject: Security?
> >>
> >>
> >> There are a lot of emergin models for applying security to web
> >> services, e.g. using SOAP header to transport Kerberos tickets or
> >> licence data. Is W3C working on a common specification for security
> >> and licensing in WS?
>
Received on Tuesday, 5 March 2002 10:33:53 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:25:40 GMT