RE: public-wsawg-security-tf - where to start

Francis,

I never meant that we should go into too much detail.
The point of the exercise is to determine in very simple terms how the
security feature will be accomplished.

We are not going to go into deep specifics and a list of recommendations.


PS: I am agreeing with you.

Abbie



> -----Original Message-----
> From: Francis McCabe [mailto:fgm@fla.fujitsu.com] 
> Sent: Wednesday, March 19, 2003 12:37 PM
> To: Barbir, Abbie [CAR:1A00:EXCH]
> Cc: Edgar, Gerald; public-wsawg-security-tf@w3.org
> Subject: Re: public-wsawg-security-tf - where to start
> 
> 
> Hi Abbie:
>    I think that you are still overestimating the effort involved.
> 
>    If you think of the WSA as a framework architecture rather than a 
> specific implementation arch, then all that is really required is to 
> establish the key `entry points' that are necessary; and potentially 
> point to the more specific specs.
> 
>    E.g., I doubt v. much that we need to investigate the presence or 
> lack of support for security in WSDL.
> 
> Really, the question that needs to be answered is:
> 
> How does the WSA account for security
> 
> The answer is going to be a combination of two things:
> 
> the key concepts needed for security and a pointer to a more detailed 
> spec.
> 
> This is both easier and harder than dumping a list of specifics; easier 
> because there should be less typing, harder because getting the right 
> key is difficult.
> 
> Frank
> 
> On Tuesday, March 18, 2003, at 04:29  PM, Abbie Barbir wrote:
> 
> > Gerald, and all,
> >
> > HI,
> >
> > I have been on the road with no e-mail access.
> > OK,
> > for the Thursday meeting and the rest of the road map, here is what I
> > think we should do to the architecture draft.
> > 1. We should add a security section. The section will consist of the 
> > following:
> > a- basic security objectives, basically on my slides are the 
> > Authentication, authorization, etc.
> > b- next we list the available techniques that are being standardized 
> > today. We may even mention the techniques that are on the wish list in 
> > OASIS and other SDO.
> >
> > The general approach will be the following:
> > 1. Privacy issues (human behavior as opposed to data) are out of scope
> > of our work.
> > 2. Need to mention that security is basically a feature, to be taken 
> > into consideration in the design of web services. The approach should be 
> > compatible with the enterprise (or company security policy). WSA 
> > security adds an extra dimension, and is part of the overall security.
> >
> > 3. We need to see if the WSA architecture has any major misalignment
> > with the architecture that SAML, XKMS, etc. are based on; if yes 
> > (which I doubt) need to align the delta and decide if the approach 
> > works or not.
> >
> > 4. Need to see if SOAP security through WS-Security is applicable or
> > not (any major issues with what URI defines or not).
> >
> > 5. Need to see if we need any requirements on WSDL, such as
> > specifying security as a feature or not.
> > 6. Need to address ws-policy, ws-privacy, ws-routing, etc.
> > 7. How does security relate to choreography? What do we need to 
> > mention there?
> >
> >
> > This is a good starting point for discussion, so please respond.
> >
> > I will be on the plane friday.
> > Gerald, if this e-mail does not make it to the list can u please fwd
> > it.
> >
> >
> > abbie
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: Edgar, Gerald [mailto:gerald.edgar@boeing.com]
> > > Sent: Tuesday, March 18, 2003 11:14 AM
> > > To: Barbir, Abbie [CAR:1A00:EXCH]
> > > Subject: RE: public-wsawg-security-tf - where to start
> > >
> > >
> > > There has not been much activity yet. Are we going to have 
> > > teleconference meetings that we can get going? Your presentation on 
> > > web services security is a start, my diagrams are another cut. What 
> > > will our next steps be?
> > >
> > > Gerald
> > >
> >
> 
> 

Received on Wednesday, 19 March 2003 12:43:35 UTC