W3C home > Mailing lists > Public > www-xkms@w3.org > June 2002

RE: SOAP Confidentiality and Integrity: Next Step?

From: Krishna Sankar <ksankar@cisco.com>
Date: Tue, 18 Jun 2002 21:12:57 -0700
To: "'Dournaee, Blake'" <bdournaee@rsasecurity.com>, <reagle@w3.org>
Cc: <www-xkms@w3.org>
Message-ID: <00e701c21747$99301fe0$15d3fea9@amer.cisco.com>

Blake,

	That is not a bad thought at all. Actually, if I am correct, the
WS-Security does supersede the [1]. Between a full-fledged wg and an
informed note, given the current forces, I would support turning the
WS-Security into a note.

cheers

|  -----Original Message-----
|  From: www-xkms-request@w3.org 
|  [mailto:www-xkms-request@w3.org] On Behalf Of Dournaee, Blake
|  Sent: Tuesday, June 18, 2002 3:13 PM
|  To: 'reagle@w3.org'
|  Cc: www-xkms@w3.org
|  Subject: RE: SOAP Confidentiality and Integrity: Next Step?
|  
|  
|  
|  Joseph, All -
|  
|  Given that it looks like SOAP security will be rolled into 
|  ws-arch, what
|  will become of [1]?
|  
|  Is [1] limited in some way? Why not make an equivalent 
|  SOAP-enc note to
|  compliment this? Just out of curiosity...
|  
|  [1] http://www.w3.org/TR/SOAP-dsig/
|  
|  Blake Dournaee
|  Toolkit Applications Engineer
|  RSA Security
|   
|  "The only thing I know is that I know nothing" - Socrates
|   
|   
|  
|  
|  -----Original Message-----
|  From: Joseph Reagle [mailto:reagle@w3.org]
|  Sent: Tuesday, June 18, 2002 10:24 AM
|  To: www-ws-arch@w3.org
|  Cc: xml-encryption@w3.org; 3.org@w3.org; www-xkms@w3.org
|  Subject: SOAP Confidentiality and Integrity: Next Step?
|  
|  
|  
|  
|  This email is a final step in a thread in how to start work 
|  on providing 
|  confidentiality and integrity for SOAP messages. I've 
|  discused a range of 
|  security issues [1] with a conclusion that this topic 
|  (soap+xmldsig+xenc) 
|  is most pressing; however, I was not able to find agreement 
|  that this issue 
|  should be shoe-horned into an existing WG, instead it should 
|  be part of the 
|  Web Services security. [2]
|  
|  Though I'm relatively ignorant of the ws-arch discussions, 
|  I've heard the 
|  ws-arch WG is considering this issue and will try to have charters 
|  available for work in July [3], but that the immediate issue 
|  might also be 
|  delayed be consideration of the bigger issues. Consequently, 
|  I'd recommend 
|  that a charter for work in the WS Activity be specified with 
|  a scope no 
|  larger than [4] -- and potentially more narrow (e.g., 
|  without tokens). A 
|  "web services security" community does not yet exist (or it 
|  does, but it's 
|  fragmented) and starting work on this immediately not only 
|  commences with 
|  the work, but helps build a community which then can 
|  contribute to the 
|  larger discussion. For instance, because standardized 
|  security components 
|  do not yet exist, specifications such as XKMS [5] may end up 
|  specifying 
|  "one-off" versions in the short term. However, these could 
|  be contributed 
|  to the WS work. We all know somebody who knows somebody who 
|  is in the other 
|  WG, but sometimes that isn't quite enough. <smile/>
|  
|  In conclusion, I advocate a charter with specific and 
|  immediate terms, and 
|  an active recruitment of participants. Please let me know if 
|  and how events 
|  are likely to be otherwise. Thanks!
|  
|  
|  [1] 
|  http://lists.w3.org/Archives/Member/w3c-ac-|
forum/2002AprJun/0022.html
|  [2] 
|  http://lists.w3.org/Archives/Public/www-xenc-xmlp-tf/2002Jun/
0002.html
[3] http://www.w3.org/2002/05/28-ws-cg-irc.txt
[4] 
http://www-106.ibm.com/developerworks/security/library/ws-secure/?dwzone
=sec
urity
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobs
pec/
html/ws-security.asp
[5] http://lists.w3.org/Archives/Public/www-xkms/2002Jun/0016.html


--
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Wednesday, 19 June 2002 00:13:47 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:39:16 GMT