- From: Hugo Haas <hugo@w3.org>
- Date: Mon, 29 Jul 2002 14:29:33 -0400
- To: www-ws-arch@w3.org
- Cc: "Steven A. Monetti" <smonetti@att.com>
[ Sorry for the lack of pointers: I am offline. ] All, As per my action item, I have reviewed the additional usage scenarios that Steve Monetti came up with to see how they can be integrated in the latest version of the usage scenarios document. Steve gathered those new usage scenarios by looking at other usage scenarios document. Steve, could you please resend your draft to the list? Thanks. Below is my analysis: is the scenario covered by our document? what action should we take? | 1. Single Sign-On: Authentication using a Username/Password and | Transport-Level Security S063 covers this topic. However, S063 isn't finished so it needs to be completed. => Finish S063. | 2. Authentication by a Trusted Party 2 is slightly different from 1, but I believe that it is a variation of it and should be covered by a (variation of) S063. => Write a variation of S063 using a trusted party. | 3. Confidentiality and Integrity with No Transport Level Security S064 covers this topic, but it needs to be developed more: it currently does not have a complete description. => Finish S064. | 4. Authorization Service for Access to a Resource There isn't a precise authorization usage scenario in the document, even though authorization is covered by the requirements document. => Add an authorization usage scenario. | 5. Firewall Processing of Messages This is a particular case of authorization involving an intermediary. As a general rule, we should probably add a few scenarios underlining the role of intermediaries, being security-related or not. => Look into intermediairies usage scenarios. | 6. Business Policy Enforcement This is another particular case of authorization. It is IMO a combination of several other usage scenarios (authorization, authentication with tokens) which could be highlighted in one of our high-level use cases; the travel agent service use case is probably a good place to do so. => Look into putting individual scenarios into context | 7. Basic Privacy: Use and Disclosure of Personal Information As I mentioned last week, I added a note in the editors' copy of the usage scenario document to add a couple of privacy usage scenarios which will cover this. => Add privacy usage scenarios. | 8. Delegating Trust I don't believe that this is covered by our document yet. => Add scenario about trust delegation. | 9. Access Control Lists I don't think that this is covered by our current document. I was thinking about proposing to it to one of the use cases, but I am still unsure about it. A usage scenario about ACLs may be in order. => Add scenario about ACLs. | 10. Auditing to Track Security-Related Activities and Incidents Auditing isn't covered by our document. => Add auditing usage scenario. Regards, Hugo -- Hugo Haas - W3C mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ - tel:+1-617-452-2092
Received on Monday, 29 July 2002 14:43:23 UTC