Re: Policy to require persisted trace log encryption? from Christopher B Ferris on 2008-04-01 (public-ws-policy@w3.org from April 2008)

From: Christopher B Ferris <chrisfer@us.ibm.com>
Date: Tue, 1 Apr 2008 12:53:51 -0400
To: "Stephen Green" <stephengreenubl@gmail.com>
Cc: public-ws-policy@w3.org, public-ws-policy-request@w3.org
Message-ID: <OF76F74A19.D18DE8FC-ON8525741E.005C1050-8525741E.005CF5F6@us.ibm.com>

Stephen,

"The Web Services Policy 1.5 - Framework provides a general purpose model 
and corresponding syntax to describe the policies of entities in a Web 
services-based system. " [1]

WS-Policy itself does not define nor prescribe the policies themselves. 
The policy assertion vocabularies are developed separately, within 
organizations that have expertise in a particular domain. For security 
policy, you would (for instance) look to the OASIS WS-SX TC as the
group defining security policy assertion vocabulary that is intended to be 
used with WS-Policy 1.5 - Framework and Attachments specifications.

Hope this helps.

Cheers,

[1] http://www.w3.org/TR/ws-policy/#abstract
[2] http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ws-sx

Christopher Ferris
STSM, Software Group Standards Strategy
email: chrisfer@us.ibm.com
blog: http://www.ibm.com/developerworks/blogs/page/chrisferris
phone: +1 508 234 2986

public-ws-policy-request@w3.org wrote on 03/15/2008 04:49:45 PM:

> "Stephen Green" <stephengreenubl@gmail.com> 
> Sent by: public-ws-policy-request@w3.org
> 
> 03/15/08 04:49 PM
> 
> To
> 
> public-ws-policy@w3.org
> 
> cc
> 
> Subject
> 
> Policy to require persisted trace log encryption?
> 
> 
> Please bear with a newcomer question/comment and point me to a better
> way to question or comment if necessary.
> 
> I would expect, rightly or wrongly, that a there would be a policy to 
require
> that a web server handling a web service encrypt all messages for a
> particular web service in *traces*. Is this within scope for 
> existing WS-Policy
> specifications and is it already handled? Is it part of the WS-Policy 
scope
> to include the conformance requirement that for a certain encryption 
policy
> in a web service the traces too are encrypted? If not then would it not 
be
> the ideal for the scope to be increased to cover this, when such trace 
logs
> are persisted and used for ongoing monitoring in production use?
> 
> Best regards
> 
> -- 
> Stephen D. Green
> 
> Partner
> SystML, http://www.systml.co.uk
> Tel: +44 (0) 117 9541606
> 
> http://www.biblegateway.com/passage/?search=matthew+22:37 .. and voice
> 
>

Received on Tuesday, 1 April 2008 16:56:15 UTC