RE: public-wsawg-security-tf - where to start from Abbie Barbir on 2003-03-19 (public-wsawg-security-tf@w3.org from March 2003)

From: Abbie Barbir <abbieb@nortelnetworks.com>
Date: Wed, 19 Mar 2003 12:39:39 -0500
To: "Abbie Barbir" <abbieb@nortelnetworks.com>, "'Edgar, Gerald'" <gerald.edgar@boeing.com>
Cc: "'public-wsawg-security-tf@w3.org'" <public-wsawg-security-tf@w3.org>
Message-ID: <87609AFB433BD5118D5E0002A52CD7540531BB9A@zcard0k6.ca.nortel.com>

Hi all,

I am finally back on-line.

Can u please provide feedback on the plan.
we should divide the work on reviewing the avilable documents to ensure that
we can comply with them from an architecture point of view.
It would help if we can start having volunteers.

I have sent before on the main list pointers to avilable tech in OASIS and
w3c.
my presentation slides from F2F should also have some references.

ps: Sorry I am still on the road, so my i may respond slowly

Abbie


> -----Original Message-----
> From: Barbir, Abbie [CAR:1A00:EXCH] 
> Sent: Tuesday, March 18, 2003 7:29 PM
> To: Edgar, Gerald
> Cc: public-wsawg-security-tf@w3.org; Barbir, Abbie [CAR:1A00:EXCH]
> Subject: RE: public-wsawg-security-tf - where to start
> 
> 
> Gerald, and all,
> 
> HI,
> 
> I have been on the road with no e-mail access.
> OK,
> for the thursday meeting and the rest of the road map, here 
> is what i think we should do to the archtec draft. 1. we 
> should add a security section. the section will consist of 
> the following
> a- basic security objectives, basically on my slides are the 
> Authentication authorization, etc..
> b- next we list the avilable techniques that are being 
> standarized today. we may even mention the techniques that 
> are on the wish list in OASIS and other SDO.
> 
> The general approach will be the following:
> 1. privacu issues (human behaior as opposed to data) is out 
> of scope of our work. 2. need to mention that security is 
> basically afeature, it be taken into consideration the design 
> of web serv ices. the approach should ne compatible with the 
> enterprize (or company security policy). wsa security adds an 
> extra dimension, and is part of the overall secuiryt.
> 
> 3, we need to see if the wsa architecture has any mnajor 
> misaalignment with the arcitecture that SAML, XKMS, etc that 
> are based on, if yes (which I doubt) need to alighn the delta 
> and decide if the approach work or not. 4. Need to see if 
> SOAP security thorug WS-Security is applicable or not (ANy 
> major issues with what URI defines or not). 5. Need to see if 
> we need any requirements on WSDL, such as specifiying 
> security as a feature or not. 6. Need to adress ws-policy, 
> ws-privacy, ws-routing, etc. 7. how does security relates to 
> chroeography. what do we need to mention there.
> 
> 
> This is a good starting point for discussion, so please respond.
> 
> I will be on the plane friday.
> Gerald, if this e-mail does not make it to the list can u 
> please fwd it.
> 
> 
> abbie
> 
> 
> 
> 
> > -----Original Message-----
> > From: Edgar, Gerald [mailto:gerald.edgar@boeing.com]
> > Sent: Tuesday, March 18, 2003 11:14 AM
> > To: Barbir, Abbie [CAR:1A00:EXCH]
> > Subject: RE: public-wsawg-security-tf - where to start
> > 
> > 
> > There has not been much activity yet. are we going to have
> > teleconference meetings that we can get going? your 
> > presentation on web services security is a start, my diagrams 
> > are another cut. What will our next steps be?
> > 
> > Gerald
> > 
>

Received on Wednesday, 19 March 2003 12:39:47 UTC