RE: Web Services Architecture Requirements 23 April 2002 from Joseph Hui on 2002-04-25 (www-ws-arch@w3.org from April 2002)

From: Joseph Hui <jhui@digisle.net>
Date: Wed, 24 Apr 2002 18:28:07 -0700
To: "Ahmed, Zahid" <zahid.ahmed@commerceone.com>, <www-ws-arch@w3.org>
Message-ID: <C153D39717E5F444B81E7B85018A460B081B27CE@ex-sj-5.digisle.com>
> -----Original Message-----
> From: Ahmed, Zahid [mailto:zahid.ahmed@commerceone.com]
> Sent: Wednesday, April 24, 2002 4:13 PM
> To: www-ws-arch@w3.org
> Subject: RE: Web Services Architecture Requirements 23 April 2002
> 
> 
> I'm not sure to what extent we have factored in the latest
> WS-Security specification and WS-Security Roadmap document
> that IBM, Microsoft, and Verisign recently published.
> 
> See:
> 
> http://msdn.microsoft.com/library/default.asp?url=/library/en-
> us/dnglobspec/
> html/ws-security.asp
> 
> http://msdn.microsoft.com/library/default.asp?url=/library/en-
> us/dnwssecur/h
> tml/securitywhitepaper.asp

Interesting point.  Here's my take.
All security literature and publications from all sources,
not just some specific ones from certain vendors, should be
factored in without prejudice.  I can't imagine how some members
might entertain the idea that this standards body would base its
work on some roadmap drawn by their competitors.  In any case,
it'll be up to the specific vendors to bring their materials
(copyrighted no doubt) to the standards table and make their
own thesis and defend it.

> E.g., w.r.t.
> 
> >The description of a web service SHOULD include security policy. 
> 
> There is discussion of a future WS-Policy specification, among
> a range of additional security extensions.

That may well be something we can use or reference in the future.  
Some competing entities may have alternative proposals though.
They always do.

Regards,

Joe Hui
Exodus, a Cable & Wireless service
===========================================

> thanks,
> Zahid Ahmed
> Security Architect
> Commerce One, Inc.
> 408-517-3903
> 
> -----Original Message-----
> From: Joseph Hui [mailto:jhui@digisle.net]
> Sent: Wednesday, April 24, 2002 3:45 PM
> To: Austin, Daniel; www-ws-arch@w3.org
> Subject: RE: Web Services Architecture Requirements 23 April 2002
> 
> 
> Hi Daniel, Sharad, & Abbie,
> 
> I presented the following during the F2F group summaries and later
> in a www-ws0arch message [1] addressed to the editors, but they all
> seemed to have gotten lost.  So here they go again.
> 
>    * In AC0006.3, the parenthesized text ("to be executed by
>      security mechanisms") should be deleted.
> 
>    * There should be the addition of D-AR6010:
> 
>      The description of a web service SHOULD include security policy. 
> 
>      [I'd think there should be a similar requirement for Privacy,
>       e.g. "The description of a web service SHOULD [or MAY?]
>       include privacy policy."  I'll defer this to Hugo the Privacy
>       champion though.]
> 
> Also, why were the MUST's in D-AR600* replaced with must's?
> Note that Section 1.2 says the doc uses the RFC 2119 convention.
> 
> Regards,
> 
> Joe Hui
> Exodus, a Cable & Wireless service
> 
> [1] http://lists.w3.org/Archives/Public/www-ws-arch/2002Apr/0085.html
> 
> ==============================================================
> =========
> > -----Original Message-----
> > From: Austin, Daniel [mailto:Austin.D@ic.grainger.com]
> > Sent: Tuesday, April 23, 2002 1:29 PM
> > To: www-ws-arch@w3.org
> > Subject: Web Services Architecture Requirements 23 April 2002
> > 
> > 
> > Gentlebeings,
> > 
> > 	I've uploaded the most recent version of the 
> > requirements document
> > to:
> > 
> > http://www.w3.org/2002/ws/arch/2/wd-wsawg-reqs-04232002.html
> > 
> > 	This version incorporates many changes from our 
> > discussions both at
> > the face to face meeting and on the telephone and in the 
> > mailing list. This
> > version is intended for publication as a Working Draft upon 
> > approval of the
> > W3C.
> > 
> > 	Here is a (partial) list of the changes in this version:
> > 
> > * removed user scanrios section
> > * added top-level goals from f2f
> > * relettered prior goals to CSFs
> > * modified each CSF to reflect current wording and requirements
> > * removed some sections
> > * reworked document organization and structure
> > * changed from editor's draft to working draft
> > * updated status section
> > * lots of other small changes.
> > 
> > 	There are still some issues with this version:
> > * numbering is irregular
> > * list formatting is inconsistent
> > * analysis matrices not yet added
> > * document text needs coherence
> > * does not yet pass publication validator at W3C
> > 
> > 	Please send comments and feedback to the list! Thanks to Chris,
> > Hugo, and of course Abbie and Sharad for all the hard work. 
> > 
> > Regards,
> > 
> > D-
> > 
> > **************************************************************
> > *********
> > Dr. Daniel Austin, Sr. Technical Architect
> > austin.d@ic.grainger.com (847) 793 5044
> > Visit: http://www.grainger.com
> > 
> > "Sapere Aude!"
> > 
> > 
> > 
> > 
> 
>
Received on Wednesday, 24 April 2002 21:28:12 UTC