- From: Joseph Hui <Joseph.Hui@exodus.net>
- Date: Wed, 10 Jul 2002 12:13:33 -0700
- To: <www-ws-arch@w3.org>
- Cc: <hal.lockhart@entegrity.com>

Hi all,

During today's STF telcon I took an action item to explain in the mailing list what the "onion model" that we sometimes referred to in the WG's security-related threads was about. So here it goes.

The "Onion model," for the lack of a better term, is in essence a grouping of the WSAWG sec reqs for the benefit of prioritizing them for a phased approach in delivering our sec solutions/standards. (The phased approach came about in consideration of the time-to-market factor often recited in the WSAWG's discussions.)

The model comprises, in descending priority:

Layer 1) Confidentiality, (Data) Integrity, Authentication;
2) Authorization;
3) Non-repudiation;
4) Accessibility;
5) The remainder of the WSAWG sec requirements, including Auditing.

Note that a phase may consist of one or more layers. E.g. the first phase may include layer 1 only, or layers 1 & 2, dependent upon future decisions.

Cheers,

Joe Hui
Exodus, a Cable & Wireless service

Received on Wednesday, 10 July 2002 15:13:00 UTC