RE: D-AR006.11 discussion points from Joseph Hui on 2002-05-07 (www-ws-arch@w3.org from May 2002)

From: Joseph Hui <Joseph.Hui@exodus.net>
Date: Tue, 7 May 2002 14:41:14 -0400 (EDT)
To: "wsawg public" <www-ws-arch@w3.org>
Message-ID: <45258A4365C6B24A9832BFE224837D5523BB26@SJDCEX01.int.exodus.net>

Good feedback overal!

> -----Original Message-----
> From: Christopher Ferris [mailto:chris.ferris@sun.com]
> Sent: Saturday, May 04, 2002 7:00 AM
> To: wsawg public
> Subject: D-AR006.11 discussion points
> 
> 
> SUNW: This requirement goes "inside" a web service and places 
> requirements on how it is designed. 

I have no idea how it could be interpreted this way. 

> We should be focusing on externally observable
> (through the web service interfaces) behaviour

Huh?  I don't understand this.

> SYBS: Implementation details. Don't seem to fit in Web 
> Services Architecture group..

Do you mean implementation details needed?
(There're proprietary technologies for doing this, at the
research stage at least.)
 
> W3C: See 
> http://lists.w3.org/Archives/Public/www-ws-arch/2002May/0015.html
> 
> ORCL: I don't quite see how "an architecture" can actually provide an
> interface. And in this case the goal may be too ambitious given the
> number of different possible "infrastructures".

Architectures do often provide interfaces, in one form or another.
I buy that this goal is appearing to be too ambitious for this WG.

> PF: I just don't see the need for this.

Actual needs vary among WS providers/consumers.

> TIB: not clear to me that individual Web services would ever want to
> know whether they were under DOS at some lower layer

It's not about the individual WS detecting DOS, but about it
communicating with the network infrastructure provider to
mitigate DOS or DNS spoofing etc.

> CrossWeave: Don't understand this

No comment.

> CMPQ: ["]The interface is for negotiating services that an 
> infrastructure may
> provide to, or perform on behalf of, a requesting Web Services.
> Such value-added services may include: security, content delivery,
> QoS, etc. For instance, a Web service may instruct (via the 
> interface) the security
> agents of its infrastructure to defend against DOS/DDOS 
> attacks on its behalf.["]
> 
> This seems to say that the requirement is
> "The security framework must provide for negotiations pertaining to
> security considerations."
> 
> That is, the requirement is for negotiation support;  within 
> security context,
> it is security negotiation, within QoS context, it is QoS 
> negotiation, etc.

Hmmm, I think you've pretty much got it.

Cheers,

Joe Hui
Exodus, a Cable & Wireless service

Received on Tuesday, 7 May 2002 16:36:06 UTC