DR046 is currently in the 'application semantics out of scope' section. At first, it might seem that it is a duplicate of DR608. However, DR608 deals with security frameworks that pertain to protocol bindings, like SSL. DR046 deals with the flip side, the security frameworks that would be layered on top of XP and which would be considered application semantics. For example, XML Signature, S2ML and AuthXML would fit this description. DR046 currently reads: " xml protocol should work well with popular security mechanisms. Issue (i.046.01): Popular ones are smime/ssl/digital signatures. Issue (i.046.02): For example SSL, SMIME, DSIG. " We might want to consider a rewording to something like the following: "XML Protocol should not preclude the use of application defined security mechanisms." As with DR124 and DR125, DR305 seems broad enough that it might engulf this one. Any suggestions? Useful links... S2ML: http://www.s2ml.org/ AuthXML: http://www.authxml.org/ IETF/W3C XML-Signature WG: http://www.w3.org/Signature/ Oasis Security Services Technical Committee: http://www.oasis-open.org/committees/security/index.shtml AlexReceived on Wednesday, 6 December 2000 14:14:28 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:58:57 GMT