RE: D-AG006 Security

Ann,

	Good idea. Do we have a D-AG00x number for QoS? Like Ann
points out, we also need a vocabulary for defining and describing QoS
related factors for interoperability.

	I also would like to add cachability factors in the same bucket.

	BTW, ebXML would be a good start. I think it is in our charter
to work with OASIS and W3C groups on this.

cheers

 | -----Original Message-----
 | From: Anne Thomas Manes [mailto:anne@manes.net] 
 | Sent: Tuesday, March 12, 2002 4:16 PM
 | To: Krishna Sankar; www-ws-arch@w3.org
 | Subject: RE: D-AG006 Security
 | 
 | 
 | Perhaps we should define a requirement to specify quality of service, which
 | would include security, transactions, reliability, etc.
 | 
 | Although BTP, ebXML MS, SAML, and other technologies address these areas,
 | they don't specify how a SOAP message should relay this information (well,
 | ebXML does -- but most of the SOAP community doesn't pay much heed to
 | ebXML). If we're to enable interoperability, at some point we'll need to
 | form groups to define SOAP extensions that specify how to represent this
 | information/context in SOAP headers.
 | 
 | Anne
 | 
 | > -----Original Message-----
 | > From: www-ws-arch-request@w3.org [mailto:www-ws-arch-request@w3.org] On
 | > Behalf Of Krishna Sankar
 | > Sent: Tuesday, March 12, 2002 6:01 PM
 | > To: www-ws-arch@w3.org
 | > Subject: RE: D-AG006 Security
 | >
 | >
 | > Hi all,
 | >
 | > 	Couple of points :
 | >
 | > 	1.	Message delivery semantics - Once and Once only or at
 | > most once or best effort - are not under security per se. They can be a
 | > consideration in some other "bucket"
 | >
 | > 	2.	Same goes with transactions - in the strict traditional
 | > sense (distributed transaction with roll back/commit capability) or the
 | > new paradigm (a la BTP) with compensating trx et al.
 | >
 | > 	I think in both cases, the architecture can specify placeholders
 | > for a web service to specify all these attributes. Maybe we could refer
 | > to the appropriate disciplines/initiatives to define the actual
 | > semantics - BTP (for distributed trx), ebXML (for Reliable messaging) et
 | > al.
 | >
 | > 	Secure messaging would be under security.
 | >
 | > cheers
 | >
 | >  | -----Original Message-----
 | >  | From: www-ws-arch-request@w3.org
 | >  | [mailto:www-ws-arch-request@w3.org] On Behalf Of Cutler,
 | >  | Roger (RogerCutler)
 | >  | Sent: Tuesday, March 12, 2002 2:28 PM
 | >  | To: 'Joseph Hui'; Cutler, Roger (RogerCutler); Krishna
 | >  | Sankar; www-ws-arch@w3.org
 | >  | Subject: RE: D-AG006 Security
 | >  |
 | >  |
 | >  | I'm not quite sure what you mean by "transaction
 | >  | processing". I have heard
 | >  | the term used in more than one way.  Is the concern
 | >  | essentially to have a
 | >  | mechanism for handling stateful transactions -- for example,
 | >  | to carry state
 | >  | information in the messages?  Or are you talking about the
 | >  | idea of "rolling
 | >  | back" a transaction if it fails -- or possibly of initiating
 | >  | compensating
 | >  | transactions?
 | >  |
 | >  | -----Original Message-----
 | >  | From: Joseph Hui [mailto:jhui@digisle.net]
 | >  | Sent: Tuesday, March 12, 2002 4:14 PM
 | >  | To: Cutler, Roger (RogerCutler); Krishna Sankar; www-ws-arch@w3.org
 | >  | Subject: RE: D-AG006 Security
 | >  |
 | >  |
 | >  | > -----Original Message-----
 | >  | [snip]
 | >  | > Could we possibly consider putting reliable messaging into
 | >  | > the security bucket?
 | >  |
 | >  | I don't think so.  There's no security primitives that
 | >  | would fit the bill of reliable messaging (RM), which I sometimes
 | >  | characterize as "layer-7 TCP" where a session between two
 | >  | endpoints may span
 | >  | over several time-serialized connections, disconnections,
 | >  | reconnections.
 | >  | AG006 may include securing RM, but not RM per se.
 | >  |
 | >  | While at it, let me mention that if you want to include
 | >  | RM in WS-Arch, then you may as well not leave out
 | >  | transaction processing.
 | >  |
 | >  | [snip]
 | >  | > it is a natural
 | >  | > progression of thought:  "I'm worried about who the author of
 | >  | > the message
 | >  | > is, whether it is distorted, and that IT ACTUALLY GETS THERE".
 | >  |
 | >  | ^^^^^^^^^^^^^^^^^^^^^^ There are no
 | >  | security primitives that can guarantee data arrival.
 | >  |
 | >  | Joe Hui
 | >  | Exodus, a Cable & Wireless service
 | >  |
 | >  |
 | >  |
 | >
 | 
 | 

Received on Tuesday, 12 March 2002 19:37:59 UTC