- From: Christopher Ferris <chris.ferris@sun.com>
- Date: Sat, 04 May 2002 09:56:35 -0400
- To: "'www-ws-arch@w3.org'" <www-ws-arch@w3.org>
MSFT: To begin with, this should be called out as at a different level of abstraction than the first 4 architecturral requirements. In addition, this is just a web service, of which there will be many alternatives. INTEL: Need some explanation about using Public Key Encryption (PKE), and not using PKI. Also, the requirement should have been independent of any specific technology such as PKE. SYBS: Is it in the charter to identify at such fine grain technologies to be used in Web Services W3C: See http://lists.w3.org/Archives/Public/www-ws-arch/2002May/0019.html PF: I believe it sufficient that we say that public keys should be used. That is very different than saying that PKI should be used. The use of public keys does not require PKI. CrossWeave: This implies an implementation of authentication, integrity, and/or confidentiality. We shouldn't be prescribing implementations. ATT: AT&T suggests to replace the word "include" with "INTEROPERABLE" so it reads: The security framework must INTEROPERATE with Key Management, pertaining to PKE and KDC
Received on Saturday, 4 May 2002 09:58:48 UTC