- From: Munter, Joel D <joel.d.munter@intel.com>
- Date: Tue, 5 Mar 2002 10:20:17 -0800
- To: "'W3C WS Architecture'" <www-ws-arch@w3.org>
This was posted on the W3C Web Services (general discussion) list. As it appears relevant to our requirements discussion, I took the initiative to cross-post it. My apologies to anyone if I have caused you to see this again. Comments? Joel -----Original Message----- From: Michele Costabile [mailto:mico@zucchetti.com] Sent: Tuesday, March 05, 2002 8:34 AM To: www-ws@w3.org Subject: RE: Security? I think I need a clarification. Most security schemes I have seen lately (an ten are invented every hour) use SOAP headers in some way and some level of cryptography. All of the SOAP services that will be offered for a fee will have some schema of licensing, i.e. will tweak SOAP headers. SOAP headers are not described in WSDL. I think we need at least a way to express i) which headers should be there ii) the two or three more commmon semantics of headers, like someHeader1 is a kerberos ticket while header thatHeader is a user login iii) an extension mechanism for everything else. If WS-Arch steers too clear of defining mechanisms we will lose the ability of dynamic configuration for all the web services not offered for free. > -----Original Message----- > From: Henrik Frystyk Nielsen [mailto:henrikn@microsoft.com] > Sent: venerdi 15 febbraio 2002 18.23 > To: Anne Thomas Manes; Michele Costabile; www-ws@w3.org > Subject: RE: Security? > > > > As a friendly amendment, while it is certainly within the scope [1] of > the WS-Arch WG to consider security and licensing, it doesn't seem to be > within its scope to actually define such mechanisms. > > Henrik > > [1] http://www.w3.org/2002/01/ws-arch-charter > > >No formal activity is underway at this time to standardize WS > >Security protocols. We just recently formed the Web Services > >Architecture Working Group, and one of the goals of this group > >is to address security. See http://www.w3.org/2002/01/ws-arch-charter > > > >Best regards, > > > >Anne Thomas Manes > >CTO, Systinet > >www.systinet.com > > > >> -----Original Message----- > >> From: www-ws-request@w3.org [mailto:www-ws-request@w3.org]On > >Behalf Of > >> Michele Costabile > >> Sent: Friday, February 15, 2002 11:37 AM > >> To: www-ws@w3.org > >> Subject: Security? > >> > >> > >> There are a lot of emergin models for applying security to web > >> services, e.g. using SOAP header to transport Kerberos tickets or > >> licence data. Is W3C working on a common specification for security > >> and licensing in WS? >
Received on Tuesday, 5 March 2002 13:20:19 UTC