RE: D-AR006.10: Security policy description from Joseph Hui on 2002-05-03 (www-ws-arch@w3.org from May 2002)

From: Joseph Hui <jhui@digisle.net>
Date: Thu, 2 May 2002 17:48:24 -0700
To: "Hugo Haas" <hugo@w3.org>, <www-ws-arch@w3.org>
Message-ID: <C153D39717E5F444B81E7B85018A460B06685954@ex-sj-5.digisle.com>

> -----Original Message-----
> From: Hugo Haas [mailto:hugo@w3.org]
> Sent: Thursday, May 02, 2002 12:20 PM
> To: www-ws-arch@w3.org
> Subject: D-AR006.10: Security policy description
> 
> 
> D-AR006.10 reads:
> 
>           + D-AR006.10 The description of a Web service SHOULD include
>             security policy.
> 
> There will be a fair number of services that won't need security. I
> think that this should be reworded into (based on D-AR020.1):
> 
>   It MUST be possible to advertise security policies for a Web
>   service.

I don't think so.  Note the "SHOULD" word. 
It doesn't perturb web services that don't need security one bit.

Cheers,

Joe Hui
Exodus, a Cable & Wireless service
========================================
> 
> Regards,
> 
> Hugo
> 
> -- 
> Hugo Haas - W3C
> mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ - 
> tel:+1-617-452-2092
> 
>

Received on Thursday, 2 May 2002 20:48:28 UTC