Issue 3708 - Update security considerations section of Framework to include discussion of XML Signature use as well as additional security considerations from Primer from Frederick Hirsch on 2006-09-13 (public-ws-policy@w3.org from September 2006)

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Wed, 13 Sep 2006 08:03:58 -0700
To: public-ws-policy@w3.org
Cc: Hirsch Frederick <frederick.hirsch@nokia.com>
Message-Id: <15456598-728A-4E5C-9C4B-2280ADC8BC50@nokia.com>

Issue 3708 - <http://www.w3.org/Bugs/Public/show_bug.cgi?id=3708>

Description - Update security considerations section of Framework to  
include discussion of XML Signature use as well as additional  
security considerations from Primer

Justification - Core document should include informative Securiity  
Considerations section. Integrity protection and source  
authentication provided by XML Signature in non-messaging context  
should be included as consideration.

Target - WS-Policy Framework [1]

Proposal:

1) Add sentence at end of current section 5 (Security Considerations):

Policies may be signed using XML Signature to provide integrity  
protection and origin authentication, especially in contexts where  
message security is not appropriate.

2) Incorporate  security considerations listed in contributed primer  
into Framework document. See Appendix A in PDF referenced in
<http://lists.w3.org/Archives/Public/public-ws-policy/2006Jul/0001>

Test: review of section

[1] <http://dev.w3.org/cvsweb/~checkout~/2006/ws/policy/ws-policy- 
framework.html?content-type=text/html;%20charset=utf-8>

regards, Frederick

Frederick Hirsch
Nokia

Received on Wednesday, 13 September 2006 15:10:33 UTC