- From: Christopher Ferris <chris.ferris@sun.com>
- Date: Sat, 04 May 2002 09:53:22 -0400
- To: www-ws-arch@w3.org
MSFT: The W3C is not an articulator of security policies, but rather an articulator of languages and protocols in which such policies can be stated and by which such policies can be enforced. SAG: More substantially, this seems awfully ambitious for a reference architecture; we need to identify the architectural components responsible for enforcing security policies, and perhaps setup a working group chartered to define the mechanisms to counter and mitigate the security hazards. SUNW: WSAWG's responsibility is not to develop these, but to outline and scope them for a new WG to take on as a deliverable. SYBS: I think we may come up with model which will allow people to establish security policies across web service invocations, but not sure if we would come up with a set of security policies to be supported by an architecture. W3C: See http://lists.w3.org/Archives/Public/www-ws-arch/2002May/0011.html PF: I don't believe it is a required part of a reference architecture to solve all identifiable security problems. Vendors might want to differentiate their products based on their security solutions, while remaining interoperable with other products. CrossWeave: I think we should provide security mechanisms for combating threats, but should leave the policies up to implementations.
Received on Saturday, 4 May 2002 09:56:05 UTC