- From: Hugo Haas <hugo@w3.org>
- Date: Tue, 20 Jan 2004 15:55:48 +0100
- To: Francis McCabe <frankmccabe@mac.com>
- Cc: www-ws-arch@w3.org
- Message-ID: <20040120145548.GI2419@w3.org>
* Francis McCabe <frankmccabe@mac.com> [2004-01-18 12:40-0800] > I have added Abbie's draft stakeholder section on security to the doc. > For the moment, the existing one is there also -- to allow a > comparison. Here are some comments on the $Date: 2004/01/19 17:43:27 $ version: It would be clearer IMO if the sections "3.4.3.1 HTTPS/SSL" and "3.4.3.2 Other Technologies" were called "3.4.3.1 Transport-level security" and "3.4.3.2 Message-level security" to emphasize the difference. In 3.4.3.2, I would replace: | In contrast with HTTPS/SSL, the security protocols offered by | WS-Security and ebXML messaging are at the message level, achieved by | extensions to the SOAP headers. by: In contrast with the transport-level security provided by HTTPS/SSL, SOAP extensions can be used to provide message-level security, such as the Web Services Security: SOAP Message Security specification. Rationale: highlights the difference of security level, references community effort around it. I'll be happy to make those changes if there is no pushback. Also, I think that "3.4.4 Trust and Discovery" could benefit from a few words about federation. I remember that Abbie didn't want to develop it too much, but a few words about it here may not hurt. Comments? Regards, Hugo -- Hugo Haas - W3C mailto:hugo@w3.org - http://www.w3.org/People/Hugo/
Received on Tuesday, 20 January 2004 09:55:49 UTC