- From: Christopher B Ferris <chrisfer@us.ibm.com>
- Date: Tue, 1 Apr 2008 12:53:51 -0400
- To: "Stephen Green" <stephengreenubl@gmail.com>
- Cc: public-ws-policy@w3.org, public-ws-policy-request@w3.org
- Message-ID: <OF76F74A19.D18DE8FC-ON8525741E.005C1050-8525741E.005CF5F6@us.ibm.com>
Stephen, "The Web Services Policy 1.5 - Framework provides a general purpose model and corresponding syntax to describe the policies of entities in a Web services-based system. " [1] WS-Policy itself does not define nor prescribe the policies themselves. The policy assertion vocabularies are developed separately, within organizations that have expertise in a particular domain. For security policy, you would (for instance) look to the OASIS WS-SX TC as the group defining security policy assertion vocabulary that is intended to be used with WS-Policy 1.5 - Framework and Attachments specifications. Hope this helps. Cheers, [1] http://www.w3.org/TR/ws-policy/#abstract [2] http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ws-sx Christopher Ferris STSM, Software Group Standards Strategy email: chrisfer@us.ibm.com blog: http://www.ibm.com/developerworks/blogs/page/chrisferris phone: +1 508 234 2986 public-ws-policy-request@w3.org wrote on 03/15/2008 04:49:45 PM: > "Stephen Green" <stephengreenubl@gmail.com> > Sent by: public-ws-policy-request@w3.org > > 03/15/08 04:49 PM > > To > > public-ws-policy@w3.org > > cc > > Subject > > Policy to require persisted trace log encryption? > > > Please bear with a newcomer question/comment and point me to a better > way to question or comment if necessary. > > I would expect, rightly or wrongly, that a there would be a policy to require > that a web server handling a web service encrypt all messages for a > particular web service in *traces*. Is this within scope for > existing WS-Policy > specifications and is it already handled? Is it part of the WS-Policy scope > to include the conformance requirement that for a certain encryption policy > in a web service the traces too are encrypted? If not then would it not be > the ideal for the scope to be increased to cover this, when such trace logs > are persisted and used for ongoing monitoring in production use? > > Best regards > > -- > Stephen D. Green > > Partner > SystML, http://www.systml.co.uk > Tel: +44 (0) 117 9541606 > > http://www.biblegateway.com/passage/?search=matthew+22:37 .. and voice > >
Received on Tuesday, 1 April 2008 16:56:15 UTC