Re: Abbie's security section

* Francis McCabe <frankmccabe@mac.com> [2004-01-18 12:40-0800]
> I have added Abbie's draft stakeholder section on security to the doc.  
> For the moment, the existing one is there also -- to allow a  
> comparison.

Here are some comments on the $Date: 2004/01/19 17:43:27 $ version:

It would be clearer IMO if the sections "3.4.3.1 HTTPS/SSL" and
"3.4.3.2 Other Technologies" were called "3.4.3.1 Transport-level
security" and "3.4.3.2 Message-level security" to emphasize the
difference.

In 3.4.3.2, I would replace:

| In contrast with HTTPS/SSL, the security protocols offered by
| WS-Security and ebXML messaging are at the message level, achieved by
| extensions to the SOAP headers.

by:

  In contrast with the transport-level security provided by HTTPS/SSL,
  SOAP extensions can be used to provide message-level security, such
  as the Web Services Security: SOAP Message Security specification.

Rationale: highlights the difference of security level, references
community effort around it.

I'll be happy to make those changes if there is no pushback.

Also, I think that "3.4.4 Trust and Discovery" could benefit from a
few words about federation. I remember that Abbie didn't want to
develop it too much, but a few words about it here may not hurt.

Comments?

Regards,

Hugo

-- 
Hugo Haas - W3C
mailto:hugo@w3.org - http://www.w3.org/People/Hugo/

Received on Tuesday, 20 January 2004 09:55:49 UTC