- From: Stephen Green <stephengreenubl@gmail.com>
- Date: Tue, 1 Apr 2008 19:47:26 +0100
- To: "Christopher B Ferris" <chrisfer@us.ibm.com>
- Cc: public-ws-policy@w3.org, public-ws-policy-request@w3.org
Many thanks Christopher, it helps very much. Best regards Stephen Green On 01/04/2008, Christopher B Ferris <chrisfer@us.ibm.com> wrote: > > Stephen, > > "The Web Services Policy 1.5 - Framework provides a general purpose model > and corresponding syntax to describe the policies of entities in a Web > services-based system. " [1] > > WS-Policy itself does not define nor prescribe the policies themselves. The > policy assertion vocabularies are developed separately, within organizations > that have expertise in a particular domain. For security policy, you would > (for instance) look to the OASIS WS-SX TC as the > group defining security policy assertion vocabulary that is intended to be > used with WS-Policy 1.5 - Framework and Attachments specifications. > > Hope this helps. > > Cheers, > > [1] http://www.w3.org/TR/ws-policy/#abstract > [2] > http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ws-sx > > Christopher Ferris > STSM, Software Group Standards Strategy > email: chrisfer@us.ibm.com > blog: > http://www.ibm.com/developerworks/blogs/page/chrisferris > phone: +1 508 234 2986 > > public-ws-policy-request@w3.org wrote on 03/15/2008 04:49:45 PM: > > > "Stephen Green" <stephengreenubl@gmail.com> > > Sent by: public-ws-policy-request@w3.org > > > > 03/15/08 04:49 PM > > > > To > > > > public-ws-policy@w3.org > > > > cc > > > > Subject > > > > Policy to require persisted trace log encryption? > > > > > > Please bear with a newcomer question/comment and point me to a better > > way to question or comment if necessary. > > > > I would expect, rightly or wrongly, that a there would be a policy to > require > > that a web server handling a web service encrypt all messages for a > > particular web service in *traces*. Is this within scope for > > existing WS-Policy > > specifications and is it already handled? Is it part of the WS-Policy > scope > > to include the conformance requirement that for a certain encryption > policy > > in a web service the traces too are encrypted? If not then would it not > be > > the ideal for the scope to be increased to cover this, when such trace > logs > > are persisted and used for ongoing monitoring in production use? > > > > Best regards > > > > -- > > Stephen D. Green > > > > Partner > > SystML, http://www.systml.co.uk > > Tel: +44 (0) 117 9541606 > > > > > http://www.biblegateway.com/passage/?search=matthew+22:37 > .. and voice > > > > > -- Stephen D. Green Partner SystML, http://www.systml.co.uk Tel: +44 (0) 117 9541606 http://www.biblegateway.com/passage/?search=matthew+22:37 .. and voice
Received on Tuesday, 1 April 2008 18:48:18 UTC