- From: Joseph Hui <jhui@digisle.net>
- Date: Tue, 12 Mar 2002 18:22:35 -0800
- To: "Krishna Sankar" <ksankar@cisco.com>
- Cc: <www-ws-arch@w3.org>
SLA is an instance of QoS. They are of the same nature. I can mount a full-scale argument to discern the nuances. But I won't, since my aim was to prevent security from getting mixed up with QoS in one goal. That end's apparently been achieved. Cheers, Joe Hui Exodus, a Cable & Wireless service ===================================== > From: Krishna Sankar [mailto:ksankar@cisco.com] [snip] > QoS is not a measurement, SLA is. QoS is architectural, SLA is > operational. Arguments can be made for otherwise. > > QoS also can include reliable messaging dimensions. By the by > everything is measured - either in a binary scale (yes or no) > or analog > scale (0-100 et al) > > QoS is not included in security because it is a separate > functionality. > > cheers > > > | -----Original Message----- > | From: www-ws-arch-request@w3.org > | [mailto:www-ws-arch-request@w3.org] On Behalf Of Joseph Hui > | Sent: Tuesday, March 12, 2002 5:07 PM > | To: Anne Thomas Manes; Krishna Sankar; www-ws-arch@w3.org > | Subject: RE: D-AG006 Security > | > | > | > From: Anne Thomas Manes [mailto:anne@manes.net] > | [snip] > | > Perhaps we should define a requirement to specify quality of > | > service, which > | > would include security, transactions, reliability, etc. > | > | QoS is a measurement. > | It's not an architectural function, thus security > | can't be a part of it. The two are apple and orange IMHO. > | QoS is meaningful only (mostly?) in cases where success can > | be measured in a range of values, say 1 to 100. Say, if your > | SLA guarantees 99.999% uptime, then you get some rebate > | from your service provider for services below par. > | In security, it's either 0 (for failure, any failure) > | or 100 for success; but one can hardly claim 100 due to a > | negative-deliverable argument, which says: "security is a > | negative deliverable." (I've borrowed the term "negative > | deliverable" from Jeff Schiller, a Security Area Director > | in IETF, who once said (and I paraphrase here): "In security, > | you work towards a negative deliverable -- you don't know > | if you have it (i.e. security achieved) until you know > | you don't!") > | > | Joe Hui > | Exodus, a Cable & Wireless service > | =================================================== > | > | > > | > Although BTP, ebXML MS, SAML, and other technologies address > | > these areas, > | > they don't specify how a SOAP message should relay this > | > information (well, > | > ebXML does -- but most of the SOAP community doesn't pay > | much heed to > | > ebXML). If we're to enable interoperability, at some point > | > we'll need to > | > form groups to define SOAP extenstions that specify how to > | > represent this > | > information/context in SOAP headers. > | > > | > Anne > | > > | > > -----Original Message----- > | > > From: www-ws-arch-request@w3.org > | > [mailto:www-ws-arch-request@w3.org]On > | > > Behalf Of Krishna Sankar > | > > Sent: Tuesday, March 12, 2002 6:01 PM > | > > To: www-ws-arch@w3.org > | > > Subject: RE: D-AG006 Security > | > > > | > > > | > > Hi all, > | > > > | > > Couple of points : > | > > > | > > 1. Message delivery semantics - Once and > Once only or at > | > > most once or best effort - are not under security per se. > | > They can be a > | > > consideration in some other "bucket" > | > > > | > > 2. Same goes with transactions - in the > strict traditional > | > > sense (distributed transaction with roll back/commit > | > capability) or the > | > > new paradigm (a la BTP) with compensating trx et al. > | > > > | > > I think in both cases, the architecture can > specify placeholders > | > > for a web service to specify all these attributes. May be > | > we could refer > | > > to the appropriate disciplines/initiatives to define the actual > | > > semantics - BTP (for distributed trx), ebXML (for Reliable > | > messaging) et > | > > al. > | > > > | > > Secure messaging would be under security. > | > > > | > > cheers > | > > > | > > | -----Original Message----- > | > > | From: www-ws-arch-request@w3.org > | > > | [mailto:www-ws-arch-request@w3.org] On Behalf Of Cutler, > | > > | Roger (RogerCutler) > | > > | Sent: Tuesday, March 12, 2002 2:28 PM > | > > | To: 'Joseph Hui'; Cutler, Roger (RogerCutler); Krishna > | > > | Sankar; www-ws-arch@w3.org > | > > | Subject: RE: D-AG006 Security > | > > | > | > > | > | > > | I'm not quite sure what you mean by "transaction > | > > | processing". I have heard > | > > | the term used in more than one way. Is the concern > | > > | essentially to have a > | > > | mechanism for handling stateful transactions -- for example, > | > > | to carry state > | > > | information in the messages? Or are you talking about the > | > > | idea of "rolling > | > > | back" a transaction if it fails -- or possibly of initiating > | > > | compensating > | > > | transactions? > | > > | > | > > | -----Original Message----- > | > > | From: Joseph Hui [mailto:jhui@digisle.net] > | > > | Sent: Tuesday, March 12, 2002 4:14 PM > | > > | To: Cutler, Roger (RogerCutler); Krishna Sankar; > | > www-ws-arch@w3.org > | > > | Subject: RE: D-AG006 Security > | > > | > | > > | > | > > | > -----Original Message----- > | > > | [snip] > | > > | > Could we possibly consider putting reliable messaging into > | > > | > the security bucket? > | > > | > | > > | I don't think so. There's no security primitives that > | > > | would fit the bill of reliable messaging (RM), which > | I sometimes > | > > | characterize as "layer-7 TCP" where a session between two > | > > | endpoints may span > | > > | over several time-serialized connections, disconnections, > | > > | reconnections. > | > > | AG006 may include securing RM, but not RM per se. > | > > | > | > > | While at it, let me mention that if you want to include > | > > | RM in WS-Arch, then you may as well not leave out > | > > | transaction processing. > | > > | > | > > | [snip] > | > > | > it is a natural > | > > | > progression of thought: "I'm worried about who the > | author of > | > > | > the message > | > > | > is, whether it is distorted, and that IT ACTUALLY > | GETS THERE". > | > > | > | > > | ^^^^^^^^^^^^^^^^^^^^^^ There no > | > > | security primitives that can guarantee data arrival. > | > > | > | > > | Joe Hui > | > > | Exodus, a Cable & Wireless service > | > > | > | > > | > | > > | > | > > > | > > | > > | > | > >
Received on Tuesday, 12 March 2002 21:22:57 UTC