- From: Sedukhin, Igor <Igor.Sedukhin@ca.com>
- Date: Thu, 20 Jun 2002 13:27:49 -0400
- To: Joseph Hui <Joseph.Hui@exodus.net>, kreger@us.ibm.com
- Cc: "ECKERT,ZULAH (HP-Cupertino,ex1)" <zulah_eckert@hp.com>, "Damodaran, Suresh" <Suresh_Damodaran@stercomm.com>, Hao.He@thomson.ocm.au, adiber@att.com, wsgeek2002@yahoo.com, www-ws-arch@w3.org
- Message-ID: <849C1D32E4C7924F854D8A0356C72A9E04EB736D@usilms08.ca.com>
So, then, adding a user or changing a policy is now inline with encryption or non-repudiation? Management is management and security is security, no need to mix up the concepts. Is security auditing, for example, management or security? My take it is management. I'd say leave management requirement in Security goal, for things like key management (XKMS), etc., and *add* one to the Management goal for things like Audit, Policy Administration, etc. PS. I highly doubt that if WS Sec WG is formed it would have enough bandwidth to cover things like Audit... There are enough other problems to cover in the security infrastructure for Web Services... -- Igor Sedukhin .. (Igor.Sedukhin@ca.com) -- (631) 342-4325 .. 1 CA Plaza, Islandia, NY 11788 -----Original Message----- From: Joseph Hui [mailto:Joseph.Hui@exodus.net] Sent: Thursday, June 20, 2002 12:21 PM To: kreger@us.ibm.com Cc: ECKERT,ZULAH (HP-Cupertino,ex1); Damodaran, Suresh; Hao.He@thomson.ocm.au; adiber@att.com; wsgeek2002@yahoo.com; www-ws-arch@w3.org Subject: RE: proposed AC018 rewording I would think it should stay with the sec goal and let WS Management set a reference pointer to it. It made much sense to me in light that there would be a new WS Sec WG to be formed, or very likely to be formed considering the pushback against the group's immediate formation. So the F2F upshot was inconclusive. I'd suggest those who were in favor of relocating to air their view now and move to change the doc; else the WG should conclude to let it stay within the sec goal by default. Joe Hui Exodus, a Cable & Wireless service ========================================================= -----Original Message----- From: kreger@us.ibm.com [mailto:kreger@us.ibm.com] Sent: Thursday, June 20, 2002 8:58 AM To: Joseph Hui Cc: ECKERT,ZULAH (HP-Cupertino,ex1); Damodaran, Suresh; kreger@us.ibm.com; Hao.He@thomson.ocm.au; adiber@att.com; wsgeek2002@yahoo.com; www-ws-arch@w3.org Subject: RE: proposed AC018 rewording Joe, I really think that the security management requirement should stay with the security goal. I thought that was the net of the F2F, but it was hard for me to know for sure. Heather Kreger Web Services Lead Architect STSM, SWG Emerging Technology kreger@us.ibm.com 919-543-3211 (t/l 441) cell:919-496-9572 Sent by: www-ws-arch-request@w3.org To: "ECKERT,ZULAH (HP-Cupertino,ex1)" <zulah_eckert@hp.com>, "Damodaran, Suresh" <Suresh_Damodaran@stercomm.com>, Heather Kreger/Raleigh/IBM@IBMUS, <Hao.He@thomson.ocm.au>, <adiber@att.com>, <wsgeek2002@yahoo.com> cc: "WSA W3C Public (E-mail)" <www-ws-arch@w3c.org> Subject: RE: proposed AC018 rewording Hi Heather & Zulah, Nice work! I've got a heads-up for you that the following may be headed your way. As you may recall, during the Paris F2F, there was the mention that we might want to relocate under AR018 the admin/management related security requirement, i.e. D-AR006.13 Where a web service provides security features in line with AR006, it SHOULD provide the ability to manage that security in a meaningful way. So, to the working group and the public, I'd like to suggest we start deliberating between: 1) keep the issues of administering/managing WS security in the Security section; or 2) incorporate them into the WS Management section, as D-AR018.x. Cheers, Joe Hui Exodus, a Cable & Wireless service =================================================== -----Original Message----- From: ECKERT,ZULAH (HP-Cupertino,ex1) [mailto:zulah_eckert@hp.com <mailto:zulah_eckert@hp.com> ] Sent: Wednesday, June 19, 2002 12:10 PM To: 'Damodaran, Suresh'; 'kreger@us.ibm.com'; Hao.He@thomson.ocm.au; adiber@att.com; ECKERT,ZULAH (HP-Cupertino,ex1); wsgeek2002@yahoo.com Cc: WSA W3C Public (E-mail) Subject: proposed AC018 rewording Hi All, Here is a proposed rewording of AC018 from Heather and Zulah. Comments? Zulah ---------------------------------------------------------------------- AC018 Enables the management of web services AC018.1 Ensures that implementations of the Web Services Architecture are manageable. AR018.1.1 Define a base set of standard metrics for architectural components and their interactions accompanied by guidelines for measurement. AR018.1.2 Define a base set of standard management operations for Web Services Architecture implementations. Management operations includes, but is not limited to, support for configuration control and lifecycle control. AR018.1.3 Define a base set of management events to be issued by the Web Services Architecture implementation. AR018.1.4 Define a standard methodology for accessing management capabilities from the Web Services Architecture implementation. AC018.2 Ensures that implementations of the Web Service instances are manageable. AR018.2.1 Define how a web service should expose web service specific metrics, configuration, operations, and events. AR018.2.2 Support the discovery of web service management capabilities. AR018.2.3 Define a standard methodology for accessing management capabilities of a Web Service through the Web Services Architecture implementation. AC018.3 Ensure that at least the following types of management applications are supported: Performance Monitoring, Availability, Configuration, Control, and Service Level Agreements.
Received on Thursday, 20 June 2002 13:28:23 UTC