W3C home > Mailing lists > Public > public-ws-addressing@w3.org > March 2005

Re: Proposing a wsa:Security element

From: Rich Salz <rsalz@datapower.com>
Date: Mon, 14 Mar 2005 11:43:47 -0500
Message-ID: <4235BF43.2080502@datapower.com>
To: Ashok Malhotra <ashok.malhotra@oracle.com>
CC: Hugo Haas <hugo@w3.org>, public-ws-addressing@w3.org

> In my view, all the security information shd be collected together and
> shd go in the policy sub-bucket of the metadata bucket.

What policy sub-bucket?  The latest draft only mentions policy in the 
edit history -- "removed reference to ws-policy" :)

>  But there are 
> many subtleties here depending on which direction the message is flowing etc.

No, it's only about securing the EPR.  It has nothing to do with message 
flow, just with how you secure the EPR when you bind it into a message.

> I suggest that the WS-Addressing WG not attempt to solve this problem.

I think ws-addressing MUST say how to secure EPR's.  It should have a 
specific container for "the elements in here are used to secure this EPR."

> The details shd be left to another WG. 

I'm curious:  which one(s) are likely candidates?

I think issues this recommendation, and then waiting for WS-I to get 
around to profiling how to acutally use the metadata bucket so that 
client and server(s) can have secure EPRs is a big mistake.


Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
Received on Monday, 14 March 2005 16:43:24 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:28:24 UTC