- From: Joseph Hui <Joseph.Hui@exodus.net>
- Date: Thu, 20 Jun 2002 11:10:34 -0700
- To: "Damodaran, Suresh" <Suresh_Damodaran@stercomm.com>
- Cc: <www-ws-arch@w3.org>
- Message-ID: <45258A4365C6B24A9832BFE224837D5523BBC6@SJDCEX01.int.exodus.net>
Suresh,

The spirit of 6.13, reflecting the current thinking, is to call out the administrative aspect of security. In its general sense, it's open to "reasonable" interpretation within the premise of how ws ser should be managed (or administered). Not unlike other requirements in other goals, the devil is in the details, and they will be fleshed out in the WS Sec WG sessions.

At the moment, I'd say security auditing will not be part of it, because there's a separate req for auditing.

Cheers,

Joe Hui
Exodus, a Cable & Wireless service
==========================================================

-----Original Message-----
From: Damodaran, Suresh [mailto:Suresh_Damodaran@stercomm.com]
Sent: Thursday, June 20, 2002 10:28 AM
To: Joseph Hui; kreger@us.ibm.com
Cc: ECKERT,ZULAH (HP-Cupertino,ex1); Hao.He@thomson.ocm.au; adiber@att.com; wsgeek2002@yahoo.com; www-ws-arch@w3.org
Subject: RE: proposed AC018 rewording

Joe,

What is meant by "security management in 6.13?" I can interpret it in several different ways: broadly security administration, enforcement, and/or monitoring. More specifically,

a) the definition of security attributes such as "signatureRequired"
b) the composition of security attributes for specific web services and their interactions
c) trust management (private key storage, secret key storage, certificate validation including CRLs)
d) security auditing (monitoring)
e) other security administration ...

What is the current thinking on what is meant by security management?

cheers,
-Suresh
Sterling Commerce

-----Original Message-----
From: Joseph Hui [mailto:Joseph.Hui@exodus.net]
Sent: Thursday, June 20, 2002 11:21 AM
To: kreger@us.ibm.com
Cc: ECKERT,ZULAH (HP-Cupertino,ex1); Damodaran, Suresh; Hao.He@thomson.ocm.au; adiber@att.com; wsgeek2002@yahoo.com; www-ws-arch@w3.org
Subject: RE: proposed AC018 rewording

I would think it should stay with the sec goal and let WS Management set a reference pointer to it.
It made much sense to me in light that there would be a new WS Sec WG to be formed, or very likely to be formed considering the pushback against the group's immediate formation. So the F2F upshot was inconclusive.

I'd suggest those who were in favor of relocating to air their view now and move to change the doc; else the WG should conclude to let it stay within the sec goal by default.

Joe Hui
Exodus, a Cable & Wireless service
=========================================================

-----Original Message-----
From: kreger@us.ibm.com [mailto:kreger@us.ibm.com]
Sent: Thursday, June 20, 2002 8:58 AM
To: Joseph Hui
Cc: ECKERT,ZULAH (HP-Cupertino,ex1); Damodaran, Suresh; kreger@us.ibm.com; Hao.He@thomson.ocm.au; adiber@att.com; wsgeek2002@yahoo.com; www-ws-arch@w3.org
Subject: RE: proposed AC018 rewording

Joe,

I really think that the security management requirement should stay with the security goal. I thought that was the net of the F2F, but it was hard for me to know for sure.

Heather Kreger
Web Services Lead Architect
STSM, SWG Emerging Technology
kreger@us.ibm.com
919-543-3211 (t/l 441) cell:919-496-9572

Sent by: www-ws-arch-request@w3.org
To: "ECKERT,ZULAH (HP-Cupertino,ex1)" <zulah_eckert@hp.com>, "Damodaran, Suresh" <Suresh_Damodaran@stercomm.com>, Heather Kreger/Raleigh/IBM@IBMUS, <Hao.He@thomson.ocm.au>, <adiber@att.com>, <wsgeek2002@yahoo.com>
cc: "WSA W3C Public (E-mail)" <www-ws-arch@w3c.org>
Subject: RE: proposed AC018 rewording

Hi Heather & Zulah,

Nice work!

I've got a heads-up for you that the following may be headed your way. As you may recall, during the Paris F2F, there was the mention that we might want to relocate under AR018 the admin/management related security requirement, i.e.

D-AR006.13 Where a web service provides security features in line with AR006, it SHOULD provide the ability to manage that security in a meaningful way.
So, to the working group and the public, I'd like to suggest we start deliberating between:

1) keep the issues of administering/managing WS security in the Security section; or
2) incorporate them into the WS Management section, as D-AR018.x.

Cheers,

Joe Hui
Exodus, a Cable & Wireless service
===================================================

-----Original Message-----
From: ECKERT,ZULAH (HP-Cupertino,ex1) [mailto:zulah_eckert@hp.com]
Sent: Wednesday, June 19, 2002 12:10 PM
To: 'Damodaran, Suresh'; 'kreger@us.ibm.com'; Hao.He@thomson.ocm.au; adiber@att.com; ECKERT,ZULAH (HP-Cupertino,ex1); wsgeek2002@yahoo.com
Cc: WSA W3C Public (E-mail)
Subject: proposed AC018 rewording

Hi All,

Here is a proposed rewording of AC018 from Heather and Zulah. Comments?

Zulah
----------------------------------------------------------------------

AC018 Enables the management of web services

AC018.1 Ensures that implementations of the Web Services Architecture are manageable.
  AR018.1.1 Define a base set of standard metrics for architectural components and their interactions accompanied by guidelines for measurement.
  AR018.1.2 Define a base set of standard management operations for Web Services Architecture implementations. Management operations include, but are not limited to, support for configuration control and lifecycle control.
  AR018.1.3 Define a base set of management events to be issued by the Web Services Architecture implementation.
  AR018.1.4 Define a standard methodology for accessing management capabilities from the Web Services Architecture implementation.

AC018.2 Ensures that implementations of the Web Service instances are manageable.
  AR018.2.1 Define how a web service should expose web service specific metrics, configuration, operations, and events.
  AR018.2.2 Support the discovery of web service management capabilities.
  AR018.2.3 Define a standard methodology for accessing management capabilities of a Web Service through the Web Services Architecture implementation.

AC018.3 Ensure that at least the following types of management applications are supported: Performance Monitoring, Availability, Configuration, Control, and Service Level Agreements.
Received on Thursday, 20 June 2002 14:09:45 UTC