DOS attacks from Ahmed, Zahid on 2002-05-02 (www-ws-arch@w3.org from May 2002)

From: Ahmed, Zahid <zahid.ahmed@commerceone.com>
Date: Thu, 2 May 2002 14:23:11 -0700
To: www-ws-arch@w3.org
Message-ID: <C1E0143CD365A445A4417083BF6F42CC02F89091@C1plenaexm07.commerceone.com>

I agree we need to restrict the scope of Web Services
security to application/service level. 

DOS attacks is usually viewed as within the scope
of transport and network security.

Zahid Ahmed



-----Original Message-----
From: Sandeep Kumar [mailto:sandkuma@cisco.com]
Sent: Thursday, May 02, 2002 12:41 PM
To: Hugo Haas; www-ws-arch@w3.org
Subject: RE: D-AR006.1: DOS attacks


+1.
I would re-iterate that this WG should focus its energy on App-Level
Security (AuthN, AutZ, Non-Repudiation, Encryption, Confidentiality, etc.)
and not on Transport-Level. Nor should it focus on defining mechanisms and
means for
handling different security attacks. There are overall system-level issues
that
deal with such attacks.

sandeep


-----Original Message-----
From: www-ws-arch-request@w3.org [mailto:www-ws-arch-request@w3.org]On
Behalf Of Hugo Haas
Sent: Thursday, May 02, 2002 12:17 PM
To: www-ws-arch@w3.org
Subject: D-AR006.1: DOS attacks


This seems out of our scope to me. I don't see how architecturally we
can prevent DOS attacks.

Regards,

Hugo

--
Hugo Haas - W3C
mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ - tel:+1-617-452-2092

Received on Thursday, 2 May 2002 17:23:23 UTC