RE: D-AG006 Security

Mark,

The problem does not already have a solution. There are a number of
standards that will be cited by this working group (XML Signature, XML
Encryption, XKMS, SAML, XACML, etc.), but there's no standard that ties
these standards to Web services and SOAP. We need a standard that defines
how to sign all or part of a SOAP message, how to represent the XML
signature in a SOAP message, how to obtain the keys necessary to decrypt the
message, how to pass credentials in a SOAP message, and how to represent
credential delegation in a SOAP message, etc., etc.. The best specification
at our disposal is IBM/Microsoft/Verisign's WS-Security, but it isn't a
standard. And it doesn't talk about how to pass SAML assertions or XACML
policies in a SOAP message. It doesn't tie in XKMS. That's why we need a
working group.

Anne

> -----Original Message-----
> From: www-ws-arch-request@w3.org [mailto:www-ws-arch-request@w3.org]On
> Behalf Of Mark Baker
> Sent: Wednesday, May 08, 2002 4:26 PM
> To: Darran Rolls
> Cc: Mark Baker; Anne Thomas Manes; David Orchard; Dilber, Ayse, ALASO;
> Joseph Hui; Edgar, Gerald; Abbie Barbir; Allen Brown; www-ws-arch@w3.org
> Subject: Re: D-AG006 Security
>
>
> On Wed, May 08, 2002 at 02:12:27PM -0500, Darran Rolls wrote:
> > Sounds like a potential part of the charter wording "ensuring reuse of
> > existing web service security standards..."
>
> That would be good too, in case we miss any.  But do we really want
> to charter a WG only to find out that the problem already has a
> solution?
>
> As I said on our very first call, I strongly believe that we don't
> have as much work to do as most WG members might believe, at least
> for some areas (not all).  I request the opportunity to demonstrate
> this.
>
> MB
> --
> Mark Baker, Chief Science Officer, Planetfred, Inc.
> Ottawa, Ontario, CANADA.      mbaker@planetfred.com
> http://www.markbaker.ca   http://www.planetfred.com
>

Received on Wednesday, 8 May 2002 17:29:52 UTC