- From: Joseph Hui <jhui@digisle.net>
- Date: Fri, 8 Mar 2002 18:19:12 -0800
- To: "Krishna Sankar" <ksankar@cisco.com>, <www-ws-arch@w3.org>
> -----Original Message-----
> From: Krishna Sankar [mailto:ksankar@cisco.com]
[snip]
> | 2. You have described the techniques one may use to secure
> | *any* web service usage scenario. It would be useful to see
> | whether there are categories of usage scenarios where some
> | specific combination of techniques will make sense. For
> | example, should accessing a "weather info service," be
> | secured using authorization, authentication? Should the
> | weather info be ensured to be authentic and unaltered?
> | Same questions for sending in a bill payment to a bank from
> | a customer. If there are many categories, then we may see
> | how to satisfy all of them in a generic way. Alternately,
> | we may suggest techniques that may be generically adopted.
> |
> <KS>
> I do not think we should get into this. For example we could
> describe security 1-10 or weak, medium or strong or ... Again the
> relative strengths or other similar grading attributes are domain
> specific i.e. a weak authC in one domain might be the
> strongest authC in another domain.
>
> IMHO, we would define and identify the various mechanisms and
> leave the interpretations to the domains/applications.

Agreed. The WS-Arch doesn't do mechanisms, where vendors
can max out their ingenuities to differentiate their products.

Joe Hui
Exodus, a Cable & Wireless service
Received on Friday, 8 March 2002 21:19:22 UTC