- From: Krishna Sankar <ksankar@cisco.com>
- Date: Wed, 19 Jun 2002 20:52:12 -0700
- To: <www-ws-arch@w3.org>, <xml-encryption@w3.org>, <www-xkms@w3.org>, <reagle@w3.org>
Joseph Hui, I have been observing the WS-Arch security related proceedings with interest and concern. On one side we are doing the right peer-review and the disciplined-rigorous approach, which is good. OTOH, it is a process by a committee, which means we will make some compromises and would take time. You know how long we took just to agree on definitions. Usually I do not agree with Dave Orchard that easily, but on this occasion I do agree with him. Any W3C effort - as a result of the WS-Arch definition in the security arena - would be able to start at the earliest by Nov 2002 which means any standard to the CR level would be Nov 2003. From my understanding, what Joseph Reagle is attempting to do (I also support him on this) is to achieve a standardized way for integrity & confidentiality for SOAP ; I would add the transport of tokens (a.k.a SAML assertions, Kerberos Tickets,...) over SOAP as well into this effort. This clearly requires a light weight and faster process than the yet-to-be-proposed Security initiative by the WS-Arch group. Remember, if the question was the other way round - i.e. if we want a security architecture for web services that envelopes secure conversation, policies, ... (like the security arch paper from IBM et al) my answer would be different, in fact opposite ! The proposed mini-group (let us call it SOAP Security WG) actually has a lot of synergy with the yet-to-be-proposed WS-Security WG. It relieves us - the WS-Arch group of the daily trifles and the urgency of defining a short term deliverable (to plug the leaks - literally !) and it frees the SOAP Security WG of defining an all encompassing comprehensive security architecture. The best of both worlds ! cheers
Received on Wednesday, 19 June 2002 23:53:06 UTC