RE: D-AG006 Security from Cutler, Roger (RogerCutler) on 2002-03-13 (www-ws-arch@w3.org from March 2002)

From: Cutler, Roger (RogerCutler) <RogerCutler@chevrontexaco.com>
Date: Tue, 12 Mar 2002 20:42:54 -0800
To: "'Krishna Sankar'" <ksankar@cisco.com>, www-ws-arch@w3.org
Message-ID: <3B286631A9CFD1118D0700805F6F9F5A09D09CA0@hou281-msx1.chevron.com>
I think that this discussion belongs in a different thread, since you guys
are all agreed that it is not security, but I don't know how to pose a QoS
goal.  I'll try if nobody else will, but I don't think I'm going to be able
to do this very well.  I'm just convinced that some of the issues involved
here are really important and should show up in the goals somewhere. 

I agree that we should look at what ebXML did with reliable messaging and
possibly other related topics.  As Anne pointed out SOAP people have been
mostly ignoring ebXML, but I think parts of ebXML may be getting some
traction elsewhere.  I have heard some rumblings that reliable messaging
might be one such.  Maybe that's just because they are the only ones who
have done anything, of course ...  

-----Original Message-----
From: Krishna Sankar [mailto:ksankar@cisco.com] 
Sent: Tuesday, March 12, 2002 6:37 PM
To: www-ws-arch@w3.org
Subject: RE: D-AG006 Security


Ann,

	Good idea. Do we have an D-AG00x number for QoS ? Like Ann points
out, we also need a vocabulary for defining and describing QoS related
factors for interoperability.

	I also would like to add cachability factors in the same bucket.

	BTW, ebXML would be a good start. I think it is in our charter to
work with OASIS and W3C groups on this.

cheers

 | -----Original Message-----
 | From: Anne Thomas Manes [mailto:anne@manes.net] 
 | Sent: Tuesday, March 12, 2002 4:16 PM
 | To: Krishna Sankar; www-ws-arch@w3.org
 | Subject: RE: D-AG006 Security
 | 
 | 
 | Perhaps we should define a requirement to specify quality of 
 | service, which
 | would include security, transactions, reliability, etc.
 | 
 | Although BTP, ebXML MS, SAML, and other technologies address 
 | these areas,
 | they don't specify how a SOAP message should relay this 
 | information (well,
 | ebXML does -- but most of the SOAP community doesn't pay much heed to  |
ebXML). If we're to enable interoperability, at some point 
 | we'll need to
 | form groups to define SOAP extenstions that specify how to 
 | represent this
 | information/context in SOAP headers.
 | 
 | Anne
 | 
 | > -----Original Message-----
 | > From: www-ws-arch-request@w3.org 
 | [mailto:www-ws-arch-request@w3.org]On
 | > Behalf Of Krishna Sankar
 | > Sent: Tuesday, March 12, 2002 6:01 PM
 | > To: www-ws-arch@w3.org
 | > Subject: RE: D-AG006 Security
 | >
 | >
 | > Hi all,
 | >
 | > 	Couple of points :
 | >
 | > 	1.	Message delivery semantics - Once and Once only or at
 | > most once or best effort - are not under security per se. 
 | They can be a
 | > consideration in some other "bucket"
 | >
 | > 	2.	Same goes with transactions - in the strict traditional
 | > sense (distributed transaction with roll back/commit 
 | capability) or the
 | > new paradigm (a la BTP) with compensating trx et al.
 | >
 | > 	I think in both cases, the architecture can specify placeholders
 | > for a web service to specify all these attributes. May be 
 | we could refer
 | > to the appropriate disciplines/initiatives to define the actual  | >
semantics - BTP (for distributed trx), ebXML (for Reliable 
 | messaging) et
 | > al.
 | >
 | > 	Secure messaging would be under security.
 | >
 | > cheers
 | >
 | >  | -----Original Message-----
 | >  | From: www-ws-arch-request@w3.org
 | >  | [mailto:www-ws-arch-request@w3.org] On Behalf Of Cutler,  | >  |
Roger (RogerCutler)  | >  | Sent: Tuesday, March 12, 2002 2:28 PM  | >  |
To: 'Joseph Hui'; Cutler, Roger (RogerCutler); Krishna  | >  | Sankar;
www-ws-arch@w3.org  | >  | Subject: RE: D-AG006 Security  | >  |  | >  |  |
>  | I'm not quite sure what you mean by "transaction  | >  | processing". I
have heard  | >  | the term used in more than one way.  Is the concern  | >
| essentially to have a  | >  | mechanism for handling stateful transactions
-- for example,  | >  | to carry state  | >  | information in the messages?
Or are you talking about the  | >  | idea of "rolling  | >  | back" a
transaction if it fails -- or possibly of initiating  | >  | compensating  |
>  | transactions?  | >  |  | >  | -----Original Message-----  | >  | From:
Joseph Hui [mailto:jhui@digisle.net]  | >  | Sent: Tuesday, March 12, 2002
4:14 PM  | >  | To: Cutler, Roger (RogerCutler); Krishna Sankar; 
 | www-ws-arch@w3.org
 | >  | Subject: RE: D-AG006 Security
 | >  |
 | >  |
 | >  | > -----Original Message-----
 | >  | [snip]
 | >  | > Could we possibly consider putting reliable messaging into  | >  |
> the security bucket?  | >  |  | >  | I don't think so.  There's no
security primitives that  | >  | would fit the bill of reliable messaging
(RM), which I sometimes  | >  | characterize as "layer-7 TCP" where a
session between two  | >  | endpoints may span  | >  | over several
time-serialized connections, disconnections,  | >  | reconnections.  | >  |
AG006 may include securing RM, but not RM per se.  | >  |  | >  | While at
it, let me mention that if you want to include  | >  | RM in WS-Arch, then
you may as well not leave out  | >  | transaction processing.  | >  |  | >
| [snip]  | >  | > it is a natural  | >  | > progression of thought:  "I'm
worried about who the author of  | >  | > the message  | >  | > is, whether
it is distorted, and that IT ACTUALLY GETS THERE".  | >  |  | >  |
^^^^^^^^^^^^^^^^^^^^^^ There no  | >  | security primitives that can
guarantee data arrival.  | >  |  | >  | Joe Hui  | >  | Exodus, a Cable &
Wireless service  | >  |  | >  |  | >  |  | >  | 
 |
Received on Tuesday, 12 March 2002 23:43:01 UTC