- From: Joseph Hui <jhui@digisle.net>
- Date: Thu, 2 May 2002 17:47:01 -0700
- To: "Hugo Haas" <hugo@w3.org>, <www-ws-arch@w3.org>
> -----Original Message----- > From: Hugo Haas [mailto:hugo@w3.org] > Sent: Thursday, May 02, 2002 12:13 PM > To: www-ws-arch@w3.org > Subject: AC006.1: Threat model [..] for Web service endpoints > and their > communication > > > AC006.1 reads: > > | AC006.1 The construction of a Web Services Threat Model based on > | thorough analysis of existing and foreseeable threats to Web service > | endpoints and their communication. > > Is the threat model consideration is limited to endpoints and their > communication? Pretty much so. (You may want to refer to the WS Threat Model I wrote in a previous msg prior to the F2F. I didn't get around to finish it, but the gist is there.) > What is the implication of this? The world will have well secured web services, along with fresh air and clean water, mom and apple pie, ... :-). > What about security in say a registry of services? If the registry manifests itself as a web service endpoint, then it's covered. Cheers, Joe Hui Exodus, a Cable & Wireless service =============================================================== > > Regards, > > Hugo > > -- > Hugo Haas - W3C > mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ - > tel:+1-617-452-2092 > >
Received on Thursday, 2 May 2002 20:47:08 UTC