RE: ACTION-59 Draft section 9

Hi Bill,

Good start, and thanks for taking this on. It's a substantial piece of 
groundwork for us. 

Can you flesh out the items in protocools by listing the parts of the 
protocols that provide (potential) security context information? Which 
headers in HTTP? What does PKIX provide? SSL; you seem to have missed 
saying anything about server authentication (and what information 
associated with that). And so on. Does that make sense? I'm looking for a 
one-stop list of potential inputs for the display of security context 
information. You don't need to put in a lot of data that's redundant with 
specs. You can, for example, just list fields or items and include a 
reference to the spec that describes them. 

          Mez





"Doyle, Bill" <wdoyle@mitre.org> 
Sent by: public-wsc-wg-request@w3.org
01/03/2007 09:22 AM

To
Timothy Hahn/Durham/IBM@IBMUS, <public-wsc-wg@w3.org>
cc

Subject
RE: ACTION-59 Draft section 9






Tim,
 
I have made a major update to the Security Context Available section. 
 
http://www.w3.org/2006/WSC/wiki/NoteSecurityContextAvailable
 
and I am still in the process of cleaning it up and will sent out a note 
to the team this AM.
 
Thx
Bill D.
 

From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] 
On Behalf Of Timothy Hahn
Sent: Tuesday, January 02, 2007 4:03 PM
To: public-wsc-wg@w3.org
Subject: ACTION-59 Draft section 9


Hi all, 

I have added a new table here: 
http://www.w3.org/2006/WSC/wiki/ContextPresentation in an attempt to merge 
the bullet list from 
http://www.w3.org/2006/WSC/wiki/NoteSecurityContextAvailable and the 
previous table. 

I took the liberty of adding a third column "known weaknesses and 
attacks". 

I am looking for feedback and additional input to this table before adding 
it in as Section 9. 

Thanks, 
Tim Hahn

Internet: hahnt@us.ibm.com
Internal: Timothy Hahn/Durham/IBM@IBMUS
phone: 919.224.1565     tie-line: 8/687.1565
fax: 919.224.2530