- From: Francis McCabe <fgm@fla.fujitsu.com>
- Date: Mon, 24 Mar 2003 15:34:10 -0800
- To: "Abbie Barbir" <abbieb@nortelnetworks.com>
- Cc: "Edgar, Gerald" <gerald.edgar@boeing.com>, public-wsawg-security-tf@w3.org
Abbie: If you provide a draft, I'll undertake to have a go at refactoring it to `fit' with the architecture style. Frank On Monday, March 24, 2003, at 01:07 PM, Abbie Barbir wrote: > Hello again, > > Moving forward on the security issues and working with francis > recommendation, we need to jumop start the work ASAP. > > At this stage, I will suggest the following: > > 1. We need a section that discuss the need for security. This can > address all the issues from the architecture prospective. In the > section we will state the following: > > a. security is a feature that could be intgerated in the architecture. > b. Point the fact that it is deployment related and that it should be > part of an overall security frame work for the adopters. > > c. Point to work that is being done to achoive that (OASIS, etc.) > d. State that some recommendation will be spec and others will not, > and the adopter should keep track of that. > > This shouls be done in about two pages. > > I will start the process early next week and pass the draft to you for > your feedback. > > Please let me know if u have any problems with that. Of course any > help will be appreciated. > > > > Thanks > > Abbie > > > > > -----Original Message----- > > From: Francis McCabe [mailto:fgm@fla.fujitsu.com] > > Sent: Wednesday, March 19, 2003 12:37 PM > > To: Barbir, Abbie [CAR:1A00:EXCH] > > Cc: Edgar, Gerald; public-wsawg-security-tf@w3.org > > Subject: Re: public-wsawg-security-tf - where to start > > > > > > Hi Abbie: > > I think that you are still over estimating the effort involved. > > > > If you think of the WSA as a framework architecture rather than a > > specific implementation arch, then all that is really required is to > > establish the key `entry points' that are necessary; and potentially > > point to the more specific specs. > > > > E.g., I doubt v. much that we need to investigate the presence or > > lack of support for security in WSDL. > > > > Really, the question that needs to be answered is: > > > > How does the WSA account for security > > > > The answer is going to be a combination of two things: > > > > the key concepts needed for security and a pointer to a more detailed > > spec. > > > > This is both easier and harder than dumping a list of > > specifics; easier > > because there should be less typing, harder because getting the right > > key is difficult. > > > > Frank > > > > On Tuesday, March 18, 2003, at 04:29 PM, Abbie Barbir wrote: > > > > > Gerald, and all, > > > > > > HI, > > > > > > I have been on the road with no e-mail access. > > > OK, > > > for the thursday meeting and the rest of the road map, here > > is what i > > > think we should do to the archtec draft. > > > 1. we should add a security section. the section will > > consist of the > > > following > > > a- basic security objectives, basically on my slides are the > > > Authentication authorization, etc.. > > > b- next we list the avilable techniques that are being standarized > > > today. we may even mention the techniques that are on the > > wish list in > > > OASIS and other SDO. > > > > > > The general approach will be the following: > > > 1. privacu issues (human behaior as opposed to data) is out of > scope > > > of our work. > > > 2. need to mention that security is basically afeature, it be taken > > > into consideration the design of web serv ices. the > > approach should ne > > > compatible with the enterprize (or company security policy). wsa > > > security adds an extra dimension, and is part of the > > overall secuiryt. > > > > > > 3, we need to see if the wsa architecture has any mnajor > > misaalignment > > > with the arcitecture that SAML, XKMS, etc that are based on, if yes > > > (which I doubt) need to alighn the delta and decide if the approach > > > work or not. > > > > > > 4. Need to see if SOAP security thorug WS-Security is applicable or > > > not (ANy major issues with what URI defines or not). > > > > > > 5. Need to see if we need any requirements on WSDL, such as > > > specifiying security as a feature or not. > > > 6. Need to adress ws-policy, ws-privacy, ws-routing, etc. > > > 7. how does security relates to chroeography. what do we need to > > > mention there. > > > > > > > > > This is a good starting point for discussion, so please respond. > > > > > > I will be on the plane friday. > > > Gerald, if this e-mail does not make it to the list can u please > fwd > > > it. > > > > > > > > > abbie > > > > > > > > > > > > > > > > -----Original Message----- > > > > From: Edgar, Gerald [mailto:gerald.edgar@boeing.com] > > > > Sent: Tuesday, March 18, 2003 11:14 AM > > > > To: Barbir, Abbie [CAR:1A00:EXCH] > > > > Subject: RE: public-wsawg-security-tf - where to start > > > > > > > > > > > > There has not been much activity yet. are we going to have > > > > teleconference meetings that we can get going? your > > presentation on > > > > web services security is a start, my diagrams are another > > cut. What > > > > will our next steps be? > > > > > > > > Gerald > > > > > > > > > > > >
Received on Monday, 24 March 2003 18:34:37 UTC