RE: public-wsawg-security-tf - where to start

hi,
next tuesday is the plan.
we will optimize thru help from all.

abbie


> -----Original Message-----
> From: Francis McCabe [mailto:fgm@fla.fujitsu.com] 
> Sent: Monday, March 24, 2003 6:34 PM
> To: Barbir, Abbie [CAR:1A00:EXCH]
> Cc: Edgar, Gerald; public-wsawg-security-tf@w3.org
> Subject: Re: public-wsawg-security-tf - where to start
> 
> 
> Abbie:
>    If you provide a draft, I'll undertake to have a go at 
> refactoring it 
> to `fit' with the architecture style.
> Frank
> 
> On Monday, March 24, 2003, at 01:07  PM, Abbie Barbir wrote:
> 
> > Hello again,
> >
> > Moving forward on the security issues and working with francis
> > recommendation, we need to jumop start the work ASAP.
> >
> > At this stage, I will suggest the following:
> >
> > 1. We need a section that discuss the need for security. This can
> > address all the issues from the architecture prospective. In the 
> > section we will state the following:
> >
> > a. security is a feature that could be intgerated in the 
> architecture. 
> > b. Point the fact that it is deployment related and that it 
> should be 
> > part of an overall security frame work for the adopters.
> >
> > c. Point to work that is being done to achoive that (OASIS, 
> etc.) d. 
> > State that some recommendation will be spec and others will 
> not, and 
> > the adopter should keep track of that.
> >
> > This shouls be done in about two pages.
> >
> > I will start the process early next week and pass the draft 
> to you for
> > your feedback.
> >
> > Please let me know if u have any problems with that. Of course any
> > help will be appreciated.
> >
> >
> >
> > Thanks
> >
> > Abbie
> >
> >
> >
> > > -----Original Message-----
> > > From: Francis McCabe [mailto:fgm@fla.fujitsu.com]
> > > Sent: Wednesday, March 19, 2003 12:37 PM
> > > To: Barbir, Abbie [CAR:1A00:EXCH]
> > > Cc: Edgar, Gerald; public-wsawg-security-tf@w3.org
> > > Subject: Re: public-wsawg-security-tf - where to start
> > >
> > >
> > > Hi Abbie:
> > >    I think that you are still over estimating the effort involved.
> > >
> > >    If you think of the WSA as a framework architecture 
> rather than a  
> > >specific implementation arch, then all that is really 
> required is to  
> > >establish the key `entry points' that are necessary; and 
> potentially  
> > >point to the more specific specs.
> > >
> > >    E.g., I doubt v. much that we need to investigate the 
> presence or  
> > >lack of support for security in WSDL.
> > >
> > > Really, the question that needs to be answered is:
> > >
> > > How does the WSA account for security
> > >
> > > The answer is going to be a combination of two things:
> > >
> > > the key concepts needed for security and a pointer to a more 
> > > detailed spec.
> > >
> > > This is both easier and harder than dumping a list of specifics; 
> > > easier because there should be less typing, harder 
> because getting 
> > > the right key is difficult.
> > >
> > > Frank
> > >
> > > On Tuesday, March 18, 2003, at 04:29  PM, Abbie Barbir wrote:
> > >
> > > > Gerald, and all,
> > > >
> > > > HI,
> > > >
> > > > I have been on the road with no e-mail access.
> > > > OK,
> > > > for the thursday meeting and the rest of the road map, here
> > > is what i
> > > > think we should do to the archtec draft.
> > > > 1. we should add a security section. the section will
> > > consist of the
> > > > following
> > > > a- basic security objectives, basically on my slides are the 
> > > > Authentication authorization, etc..
> > > > b- next we list the avilable techniques that are being 
> standarized 
> > > > today. we may even mention the techniques that are on the
> > > wish list in
> > > > OASIS and other SDO.
> > > >
> > > > The general approach will be the following:
> > > > 1. privacu issues (human behaior as opposed to data) is out of
> > scope
> > > > of our work.
> > > > 2. need to mention that security is basically afeature, it be 
> > > > taken into consideration the design of web serv ices. the
> > > approach should ne
> > > > compatible with the enterprize (or company security 
> policy). wsa 
> > > > security adds an extra dimension, and is part of the
> > > overall secuiryt.
> > > >
> > > > 3, we need to see if the wsa architecture has any mnajor
> > > misaalignment
> > > > with the arcitecture that SAML, XKMS, etc that are based on, if 
> > > > yes (which I doubt) need to alighn the delta and decide if the 
> > > > approach work or not.
> > > >
> > > > 4. Need to see if SOAP security thorug WS-Security is 
> applicable 
> > > > or not (ANy major issues with what URI defines or not).
> > > >
> > > > 5. Need to see if we need any requirements on WSDL, such as 
> > > > specifiying security as a feature or not. 6. Need to adress 
> > > > ws-policy, ws-privacy, ws-routing, etc. 7. how does security 
> > > > relates to chroeography. what do we need to mention there.
> > > >
> > > >
> > > > This is a good starting point for discussion, so please respond.
> > > >
> > > > I will be on the plane friday.
> > > > Gerald, if this e-mail does not make it to the list can u please
> > fwd
> > > > it.
> > > >
> > > >
> > > > abbie
> > > >
> > > >
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Edgar, Gerald [mailto:gerald.edgar@boeing.com]
> > > > > Sent: Tuesday, March 18, 2003 11:14 AM
> > > > > To: Barbir, Abbie [CAR:1A00:EXCH]
> > > > > Subject: RE: public-wsawg-security-tf - where to start
> > > > >
> > > > >
> > > > > There has not been much activity yet. are we going to have 
> > > > > teleconference meetings that we can get going? your
> > > presentation on
> > > > > web services security is a start, my diagrams are another
> > > cut. What
> > > > > will our next steps be?
> > > > >
> > > > > Gerald
> > > > >
> > > >
> > >
> > >
> >
> 
>