- From: Sandeep Kumar <sandkuma@cisco.com>
- Date: Fri, 10 May 2002 07:38:47 -0700
- To: "David Orchard" <dorchard@bea.com>, "'Anne Thomas Manes'" <anne@manes.net>, "'Mark Baker'" <distobj@acm.org>, "'Darran Rolls'" <Darran.Rolls@waveset.com>
- Cc: "'Dilber, Ayse, ALASO'" <adilber@att.com>, "'Joseph Hui'" <Joseph.Hui@exodus.net>, "'Edgar, Gerald'" <gerald.edgar@boeing.com>, "'Abbie Barbir'" <abbieb@nortelnetworks.com>, "'Allen Brown'" <allenbr@microsoft.com>, <www-ws-arch@w3.org>
Dave, I thought I already replied to this email yesterday. Seems like a mail problem again .. SAndeep -----Original Message----- From: www-ws-arch-request@w3.org [mailto:www-ws-arch-request@w3.org]On Behalf Of David Orchard Sent: Wednesday, May 08, 2002 8:22 PM To: 'Sandeep Kumar'; 'Anne Thomas Manes'; 'Mark Baker'; 'Darran Rolls' Cc: 'Dilber, Ayse, ALASO'; 'Joseph Hui'; 'Edgar, Gerald'; 'Abbie Barbir'; 'Allen Brown'; www-ws-arch@w3.org Subject: RE: D-AG006 Security Sandeep, You don't think we can have a roadmap and tackle smaller pieces in phases? That we (or more actually the security WG) have to consider all in the first revision? This is somewhat surprising to me. as I've always admired your companies' delivery of phased products. Could you explain this to me, as I'm just really surprised to hear an advocate against a phased approach. I'd be interested in a straw poll of how many people don't want a multi-phase approach for security or any other areas. Our group clearly still has to discuss approach to requirements and charters, and how comfortable we are with moving quickly. I'd also be interested in finding out where consensus is on security functionality for v1 - perhaps authentication/integrity/confidentiality? - and what the group thinks of additional functionality. Cheers, Dave > -----Original Message----- > From: www-ws-arch-request@w3.org [mailto:www-ws-arch-request@w3.org]On > Behalf Of Sandeep Kumar > Sent: Wednesday, May 08, 2002 5:34 PM > To: Anne Thomas Manes; Mark Baker; Darran Rolls > Cc: David Orchard; Dilber, Ayse, ALASO; Joseph Hui; Edgar, > Gerald; Abbie > Barbir; Allen Brown; www-ws-arch@w3.org > Subject: RE: D-AG006 Security > > > Anne: I fully agree with you the way you have outlined the domain > for this (to be?) proposed new WG. > > I would lke to further add that ALL of these technologies MUST > be comprehensively considered by that WG as part of 1-PHASE and NOT in > phases > (as I saw some such mention in a thread). > > Sandeep > > > -----Original Message----- > From: www-ws-arch-request@w3.org [mailto:www-ws-arch-request@w3.org]On > Behalf Of Anne Thomas Manes > Sent: Wednesday, May 08, 2002 2:29 PM > To: Mark Baker; Darran Rolls > Cc: Anne Thomas Manes; David Orchard; Dilber, Ayse, ALASO; Joseph Hui; > Edgar, Gerald; Abbie Barbir; Allen Brown; www-ws-arch@w3.org > Subject: RE: D-AG006 Security > > > Mark, > > The problem does not already have a solution. There are a number of > standards that will be cited by this working group (XML Signature, XML > Encryption, XKMS, SAML, XACML, etc.), but there's no standard > that ties > these standards to Web services and SOAP. We need a standard > that defines > how to sign all or part of a SOAP message, how to represent the XML > signature in a SOAP message, how to obtain the keys necessary > to decrypt the > message, how to pass credentials in a SOAP message, and how > to represent > credential delegation in a SOAP message, etc., etc.. The best > specification > at our disposal is IBM/Microsoft/Verisign's WS-Security, but > it isn't a > standard. And it doesn't talk about how to pass SAML > assertions or XACML > policies in a SOAP message. It doesn't tie in XKMS. That's > why we need a > working group. > > Anne > > > -----Original Message----- > > From: www-ws-arch-request@w3.org > [mailto:www-ws-arch-request@w3.org]On > > Behalf Of Mark Baker > > Sent: Wednesday, May 08, 2002 4:26 PM > > To: Darran Rolls > > Cc: Mark Baker; Anne Thomas Manes; David Orchard; Dilber, > Ayse, ALASO; > > Joseph Hui; Edgar, Gerald; Abbie Barbir; Allen Brown; > www-ws-arch@w3.org > > Subject: Re: D-AG006 Security > > > > > > On Wed, May 08, 2002 at 02:12:27PM -0500, Darran Rolls wrote: > > > Sounds like a potential part of the charter wording > "ensuring reuse of > > > existing web service security standards..." > > > > That would be good too, in case we miss any. But do we really want > > to charter a WG only to find out that the problem already has a > > solution? > > > > As I said on our very first call, I strongly believe that we don't > > have as much work to do as most WG members might believe, at least > > for some areas (not all). I request the opportunity to demonstrate > > this. > > > > MB > > -- > > Mark Baker, Chief Science Officer, Planetfred, Inc. > > Ottawa, Ontario, CANADA. mbaker@planetfred.com > > http://www.markbaker.ca http://www.planetfred.com > > > > >
Received on Friday, 10 May 2002 10:40:25 UTC