- From: Hugo Haas <hugo@w3.org>
- Date: Mon, 14 Mar 2005 17:42:39 +0100
- To: Maryann Hondo <mhondo@us.ibm.com>
- Cc: public-ws-addressing@w3.org, Rich Salz <rsalz@datapower.com>
* Maryann Hondo <mhondo@us.ibm.com> [2005-03-14 15:59+0000] > Do you really think security is "just" metadata? I didn't approach the problem that way. We introduced the [metadata] bucket as a place where we could put information about the EPR and the endpoint. Rich proposed an additional container "intended to be used as a container for security information (signatures, keys, etc) about the EPR." The security information could be: 1. sprinkled in the EPR 2. sprinkled in the [metadata] property 3. gathered in a wsa:Security element in the EPR 4. gathered in a wsa:Security element being part of the [metadata] property The first two solutions don't require more work from our WG. Since our existing bucket seems to be a fairly all-purpose container for information about the EPR, I wondered what was wrong about using it for security data there too (solution #2). Cheers, Hugo -- Hugo Haas - W3C mailto:hugo@w3.org - http://www.w3.org/People/Hugo/
Received on Monday, 14 March 2005 16:42:40 UTC