FW: Security?

This was posted on the W3C Web Services (general discussion) list.  As it
appears relevant to our requirements discussion, I took the initiative to
cross-post it.  My apologies to anyone if I have caused you to see this
again.  Comments?
Joel

-----Original Message-----
From: Michele Costabile [mailto:mico@zucchetti.com]
Sent: Tuesday, March 05, 2002 8:34 AM
To: www-ws@w3.org
Subject: RE: Security?


I think I need a clarification.
Most security schemes I have seen lately (an ten are invented every hour)
use SOAP headers in some way and some level of cryptography.
All of the SOAP services that will be offered for a fee will have some
schema of licensing, i.e. will tweak SOAP headers.
SOAP headers are not described in WSDL.
I think we need at least a way to express
i) which headers should be there
ii) the two or three more commmon semantics of headers, like someHeader1 is
a kerberos ticket while header thatHeader is a user login
iii) an extension mechanism for everything else.

If WS-Arch steers too clear of defining mechanisms we will lose the ability
of dynamic configuration for all the web services not offered for free.


> -----Original Message-----
> From: Henrik Frystyk Nielsen [mailto:henrikn@microsoft.com]
> Sent: venerdi 15 febbraio 2002 18.23
> To: Anne Thomas Manes; Michele Costabile; www-ws@w3.org
> Subject: RE: Security?
>
>
>
> As a friendly amendment, while it is certainly within the scope [1] of
> the WS-Arch WG to consider security and licensing, it doesn't seem to be
> within its scope to actually define such mechanisms.
>
> Henrik
>
> [1] http://www.w3.org/2002/01/ws-arch-charter
>
> >No formal activity is underway at this time to standardize WS
> >Security protocols. We just recently formed the Web Services
> >Architecture Working Group, and one of the goals of this group
> >is to address security. See http://www.w3.org/2002/01/ws-arch-charter
> >
> >Best regards,
> >
> >Anne Thomas Manes
> >CTO, Systinet
> >www.systinet.com
> >
> >> -----Original Message-----
> >> From: www-ws-request@w3.org [mailto:www-ws-request@w3.org]On
> >Behalf Of
> >> Michele Costabile
> >> Sent: Friday, February 15, 2002 11:37 AM
> >> To: www-ws@w3.org
> >> Subject: Security?
> >>
> >>
> >> There are a lot of emergin models for applying security to web
> >> services, e.g. using SOAP header to transport Kerberos tickets or
> >> licence data. Is W3C working on a common specification for security
> >> and licensing in WS?
>

Received on Tuesday, 5 March 2002 13:20:19 UTC