RE: Security?

I think Web Service Security Interoperbility w.r.t. how
SOAP messages can support confidentiality, integrity, 
authentication data, and authorization data is part 
of the scope of this WG. 

However, we do not necessarily need to invent new security 
protocols, but rather have agreements of how to express such 
security features carried in SOAP messages in a standardized 
headers.


----Zahid


 

> As a friendly amendment, while it is certainly within the scope [1] of
> the WS-Arch WG to consider security and licensing, it doesn't seem to be
> within its scope to actually define such mechanisms.
>

-----Original Message-----
From: Munter, Joel D [mailto:joel.d.munter@intel.com]
Sent: Tuesday, March 05, 2002 10:20 AM
To: 'W3C WS Architecture'
Subject: FW: Security?



This was posted on the W3C Web Services (general discussion) list.  As it
appears relevant to our requirements discussion, I took the initiative to
cross-post it.  My apologies to anyone if I have caused you to see this
again.  Comments?
Joel

-----Original Message-----
From: Michele Costabile [mailto:mico@zucchetti.com]
Sent: Tuesday, March 05, 2002 8:34 AM
To: www-ws@w3.org
Subject: RE: Security?


I think I need a clarification.
Most security schemes I have seen lately (an ten are invented every hour)
use SOAP headers in some way and some level of cryptography.
All of the SOAP services that will be offered for a fee will have some
schema of licensing, i.e. will tweak SOAP headers.
SOAP headers are not described in WSDL.
I think we need at least a way to express
i) which headers should be there
ii) the two or three more commmon semantics of headers, like someHeader1 is
a kerberos ticket while header thatHeader is a user login
iii) an extension mechanism for everything else.

If WS-Arch steers too clear of defining mechanisms we will lose the ability
of dynamic configuration for all the web services not offered for free.


> -----Original Message-----
> From: Henrik Frystyk Nielsen [mailto:henrikn@microsoft.com]
> Sent: venerdi 15 febbraio 2002 18.23
> To: Anne Thomas Manes; Michele Costabile; www-ws@w3.org
> Subject: RE: Security?
>
>
>
> As a friendly amendment, while it is certainly within the scope [1] of
> the WS-Arch WG to consider security and licensing, it doesn't seem to be
> within its scope to actually define such mechanisms.
>
> Henrik
>
> [1] http://www.w3.org/2002/01/ws-arch-charter
>
> >No formal activity is underway at this time to standardize WS
> >Security protocols. We just recently formed the Web Services
> >Architecture Working Group, and one of the goals of this group
> >is to address security. See http://www.w3.org/2002/01/ws-arch-charter
> >
> >Best regards,
> >
> >Anne Thomas Manes
> >CTO, Systinet
> >www.systinet.com
> >
> >> -----Original Message-----
> >> From: www-ws-request@w3.org [mailto:www-ws-request@w3.org]On
> >Behalf Of
> >> Michele Costabile
> >> Sent: Friday, February 15, 2002 11:37 AM
> >> To: www-ws@w3.org
> >> Subject: Security?
> >>
> >>
> >> There are a lot of emergin models for applying security to web
> >> services, e.g. using SOAP header to transport Kerberos tickets or
> >> licence data. Is W3C working on a common specification for security
> >> and licensing in WS?
>

Received on Thursday, 7 March 2002 20:31:48 UTC