- From: Krishna Sankar <ksankar@cisco.com>
- Date: Tue, 18 Jun 2002 21:12:57 -0700
- To: "'Dournaee, Blake'" <bdournaee@rsasecurity.com>, <reagle@w3.org>
- Cc: <www-xkms@w3.org>
Blake, That is not a bad thought at all. Actually, if I am correct, the WS-Security does supersede the [1]. Between a full-fledged wg and an informed note, given the current forces, I would support turning the WS-Security into a note. cheers | -----Original Message----- | From: www-xkms-request@w3.org | [mailto:www-xkms-request@w3.org] On Behalf Of Dournaee, Blake | Sent: Tuesday, June 18, 2002 3:13 PM | To: 'reagle@w3.org' | Cc: www-xkms@w3.org | Subject: RE: SOAP Confidentiality and Integrity: Next Step? | | | | Joseph, All - | | Given that it looks like SOAP security will be rolled into | ws-arch, what | will become of [1]? | | Is [1] limited in some way? Why not make an equivalent | SOAP-enc note to | compliment this? Just out of curiosity... | | [1] http://www.w3.org/TR/SOAP-dsig/ | | Blake Dournaee | Toolkit Applications Engineer | RSA Security | | "The only thing I know is that I know nothing" - Socrates | | | | | -----Original Message----- | From: Joseph Reagle [mailto:reagle@w3.org] | Sent: Tuesday, June 18, 2002 10:24 AM | To: www-ws-arch@w3.org | Cc: xml-encryption@w3.org; 3.org@w3.org; www-xkms@w3.org | Subject: SOAP Confidentiality and Integrity: Next Step? | | | | | This email is a final step in a thread in how to start work | on providing | confidentiality and integrity for SOAP messages. I've | discused a range of | security issues [1] with a conclusion that this topic | (soap+xmldsig+xenc) | is most pressing; however, I was not able to find agreement | that this issue | should be shoe-horned into an existing WG, instead it should | be part of the | Web Services security. [2] | | Though I'm relatively ignorant of the ws-arch discussions, | I've heard the | ws-arch WG is considering this issue and will try to have charters | available for work in July [3], but that the immediate issue | might also be | delayed be consideration of the bigger issues. Consequently, | I'd recommend | that a charter for work in the WS Activity be specified with | a scope no | larger than [4] -- and potentially more narrow (e.g., | without tokens). A | "web services security" community does not yet exist (or it | does, but it's | fragmented) and starting work on this immediately not only | commences with | the work, but helps build a community which then can | contribute to the | larger discussion. For instance, because standardized | security components | do not yet exist, specifications such as XKMS [5] may end up | specifying | "one-off" versions in the short term. However, these could | be contributed | to the WS work. We all know somebody who knows somebody who | is in the other | WG, but sometimes that isn't quite enough. <smile/> | | In conclusion, I advocate a charter with specific and | immediate terms, and | an active recruitment of participants. Please let me know if | and how events | are likely to be otherwise. Thanks! | | | [1] | http://lists.w3.org/Archives/Member/w3c-ac-| forum/2002AprJun/0022.html | [2] | http://lists.w3.org/Archives/Public/www-xenc-xmlp-tf/2002Jun/ 0002.html [3] http://www.w3.org/2002/05/28-ws-cg-irc.txt [4] http://www-106.ibm.com/developerworks/security/library/ws-secure/?dwzone =sec urity http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobs pec/ html/ws-security.asp [5] http://lists.w3.org/Archives/Public/www-xkms/2002Jun/0016.html -- Joseph Reagle Jr. http://www.w3.org/People/Reagle/ W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature/ W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
Received on Wednesday, 19 June 2002 00:13:47 UTC