W3C home > Mailing lists > Public > public-wsawg-security-tf@w3.org > March 2003

RE: public-wsawg-security-tf - where to start

From: Abbie Barbir <abbieb@nortelnetworks.com>
Date: Tue, 18 Mar 2003 19:29:18 -0500
Message-ID: <87609AFB433BD5118D5E0002A52CD754052C8D2C@zcard0k6.ca.nortel.com>
To: "Edgar, Gerald" <gerald.edgar@boeing.com>
Cc: public-wsawg-security-tf@w3.org, "Abbie Barbir" <abbieb@nortelnetworks.com>
Gerald, and all,


I have been on the road with no e-mail access.
for the thursday meeting and the rest of the road map, here is what i think
we should do to the archtec draft.
1. we should add a security section. the section will consist of the
a- basic security objectives, basically on my slides are the Authentication
authorization, etc..
b- next we list the avilable techniques that are being standarized today. we
may even mention the techniques that are on the wish list in OASIS and other

The general approach will be the following:
1. privacu issues (human behaior as opposed to data) is out of scope of our
2. need to mention that security is basically afeature, it be taken into
consideration the design of web serv ices. the approach should ne compatible
with the enterprize (or company security policy). wsa security adds an extra
dimension, and is part of the overall secuiryt.

3, we need to see if the wsa architecture has any mnajor misaalignment with
the arcitecture that SAML, XKMS, etc that are based on, if yes (which I
doubt) need to alighn the delta and decide if the approach work or not.
4. Need to see if SOAP security thorug WS-Security is applicable or not (ANy
major issues with what URI defines or not).
5. Need to see if we need any requirements on WSDL, such as specifiying
security as a feature or not.
6. Need to adress ws-policy, ws-privacy, ws-routing, etc.
7. how does security relates to chroeography. what do we need to mention

This is a good starting point for discussion, so please respond.

I will be on the plane friday.
Gerald, if this e-mail does not make it to the list can u please fwd it.


> -----Original Message-----
> From: Edgar, Gerald [mailto:gerald.edgar@boeing.com] 
> Sent: Tuesday, March 18, 2003 11:14 AM
> To: Barbir, Abbie [CAR:1A00:EXCH]
> Subject: RE: public-wsawg-security-tf - where to start
> There has not been much activity yet. are we going to have 
> teleconference meetings that we can get going? your 
> presentation on web services security is a start, my diagrams 
> are another cut. What will our next steps be?
> Gerald
Received on Tuesday, 18 March 2003 19:29:31 UTC

This archive was generated by hypermail 2.4.0 : Friday, 25 March 2022 10:09:56 UTC