RE: proposed AC018 rewording

Suresh,
 
The spirit of 6.13, reflecting the current thinking,
is to call out the administrative aspect of security.
In its general sense, it's open to "reasonable" interpretation
within the premise of how ws ser should be managed (or administered).
 
Not unlike other requirements in other goals, the
devil is in the details, and they will be fleshed out
in the WS Sec WG sessions.
 
At the moment, I'd say security auditing will not be
part of it, because there's a separate req for auditing.
 
Cheers,
Joe Hui
Exodus, a Cable & Wireless service 

==========================================================

 

-----Original Message-----
From: Damodaran, Suresh [mailto:Suresh_Damodaran@stercomm.com]
Sent: Thursday, June 20, 2002 10:28 AM
To: Joseph Hui; kreger@us.ibm.com
Cc: ECKERT,ZULAH (HP-Cupertino,ex1); Hao.He@thomson.ocm.au; adiber@att.com; wsgeek2002@yahoo.com; www-ws-arch@w3.org
Subject: RE: proposed AC018 rewording


Joe,
 
What is meant by "security management" in 6.13?
 
I can interpret it in several different ways: broadly security administration, enforcement, and/or monitoring.
More specifically, 
 
 a) the definition of security attributes such as "signatureRequired"
 b) the composition of security attributes for specific web services and their interactions
 c) trust management (private key storage, secret key storage, certificate validation including CRLs)
 d) security auditing (monitoring)
 e) other security administration
...
 
What is the current thinking on what is meant by security management?
 
cheers,

-Suresh 
Sterling Commerce   

-----Original Message-----
From: Joseph Hui [mailto:Joseph.Hui@exodus.net]
Sent: Thursday, June 20, 2002 11:21 AM
To: kreger@us.ibm.com
Cc: ECKERT,ZULAH (HP-Cupertino,ex1); Damodaran, Suresh; Hao.He@thomson.ocm.au; adiber@att.com; wsgeek2002@yahoo.com; www-ws-arch@w3.org
Subject: RE: proposed AC018 rewording


I would think it should stay with the sec goal and let WS Management set
a reference pointer to it.  It made much sense to me in light that there would
be a new WS Sec WG to be formed, or very likely to be formed considering
the pushback against the group's immediate formation.  
So the F2F upshot was inconclusive.
 
I'd suggest those who were in favor of relocating to air their view now
and move to change the doc; else the WG should conclude to let it stay
within the sec goal by default.
 
Joe Hui
Exodus, a Cable & Wireless service

=========================================================
 

-----Original Message-----
From: kreger@us.ibm.com [mailto:kreger@us.ibm.com]
Sent: Thursday, June 20, 2002 8:58 AM
To: Joseph Hui
Cc: ECKERT,ZULAH (HP-Cupertino,ex1); Damodaran, Suresh; kreger@us.ibm.com; Hao.He@thomson.ocm.au; adiber@att.com; wsgeek2002@yahoo.com; www-ws-arch@w3.org
Subject: RE: proposed AC018 rewording



Joe, 
I really think that the security management requirement should stay with the security goal. 
I thought that was the net of the F2F, but it was hard for me to know for sure.

Heather Kreger
Web Services Lead Architect
STSM, SWG Emerging Technology
kreger@us.ibm.com
919-543-3211 (t/l 441) cell:919-496-9572



Sent by: www-ws-arch-request@w3.org 


To: "ECKERT,ZULAH (HP-Cupertino,ex1)" <zulah_eckert@hp.com>, "Damodaran, Suresh" <Suresh_Damodaran@stercomm.com>, Heather Kreger/Raleigh/IBM@IBMUS, <Hao.He@thomson.ocm.au>, <adiber@att.com>, <wsgeek2002@yahoo.com>
cc: "WSA W3C Public (E-mail)" <www-ws-arch@w3c.org> 
Subject: RE: proposed AC018 rewording




Hi Heather & Zulah,
 
Nice work!
 
I've got a heads-up for you that the following may be headed your way.
 
As you may recall, during the Paris F2F, there was the mention that we might
want to relocate under AR018 the admin/management related security requirement, i.e. 
 
   D-AR006.13 Where a web service provides security features
   in line with AR006, it SHOULD provide the ability to manage
   that security in a meaningful way.

So, to the working group and the public, I'd like to suggest we start deliberating between:
   1) keep the issues of administering/managing WS security in the Security section; or
 
   2) incorporate them into the WS Management section, as D-AR018.x. 
 
Cheers,
 
Joe Hui
Exodus, a Cable & Wireless service
===================================================
-----Original Message-----
From: ECKERT,ZULAH (HP-Cupertino,ex1) [mailto:zulah_eckert@hp.com]
Sent: Wednesday, June 19, 2002 12:10 PM
To: 'Damodaran, Suresh'; 'kreger@us.ibm.com'; Hao.He@thomson.ocm.au; adiber@att.com; ECKERT,ZULAH (HP-Cupertino,ex1); wsgeek2002@yahoo.com
Cc: WSA W3C Public (E-mail)
Subject: proposed AC018 rewording


 
Hi All,
 
 Here is a proposed rewording of AC018 from Heather and Zulah.
 
Comments?
Zulah
 
----------------------------------------------------------------------
AC018 Enables the management of web services 

AC018.1 Ensures that implementations of the Web Services Architecture are manageable.
AR018.1.1 Define a base set of standard metrics for architectural components and their interactions accompanied by guidelines for measurement.
AR018.1.2 Define a base set of standard management operations for Web Services Architecture implementations. Management operations include, but are not limited to, support for configuration control and lifecycle control.
AR018.1.3 Define a base set of management events to be issued by the Web Services Architecture implementation.
AR018.1.4 Define a standard methodology for accessing management capabilities from the Web Services Architecture implementation.

AC018.2 Ensures that implementations of the Web Service instances are manageable.
AR018.2.1 Define how a web service should expose web service specific metrics, configuration, operations, and events.
AR018.2.2 Support the discovery of web service management capabilities.
AR018.2.3 Define a standard methodology for accessing management capabilities of a Web Service through the Web Services Architecture implementation.

AC018.3 Ensure that at least the following types of management applications are supported: Performance Monitoring, Availability, Configuration, Control, and Service Level Agreements.

 

Received on Thursday, 20 June 2002 14:09:45 UTC