RE: Security? from Anne Thomas Manes on 2002-03-06 (www-ws@w3.org from March 2002)

From: Anne Thomas Manes <anne@manes.net>
Date: Tue, 5 Mar 2002 23:18:18 -0500
To: "Michele Costabile" <mico@zucchetti.com>, <www-ws@w3.org>
Message-ID: <CJEIKEMEBAONGDDNLEKFMEIBDNAA.anne@manes.net>

Mico,

Henrik's point is not that mechanisms shouldn't be defined, just that it's
not within the charter of the Architecture group to define thes mechanisms.
It is within the charter of the Architecture group to identify which
mechanisms should be defined, but a separate working group should actually
define the mechanisms.

Best regards,
Anne

> -----Original Message-----
> From: www-ws-request@w3.org [mailto:www-ws-request@w3.org]On Behalf Of
> Michele Costabile
> Sent: Tuesday, March 05, 2002 4:32 AM
> To: Henrik Frystyk Nielsen; Anne Thomas Manes; www-ws@w3.org
> Subject: RE: Security?
>
>
> I think I need a clarification.
> Most security schemes I have seen lately (an ten are invented every hour)
> use SOAP headers in some way and some level of cryptography.
> All of the SOAP services that will be offered for a fee will have some
> schema of licensing, i.e. will tweak SOAP headers.
> SOAP headers are not described in WSDL.
> I think we need at least a way to express
> i) which headers should be there
> ii) the two or three more commmon semantics of headers, like
> someHeader1 is
> a kerberos ticket while header thatHeader is a user login
> iii) an extension mechanism for everything else.
>
> If WS-Arch steers too clear of defining mechanisms we will lose
> the ability
> of dynamic configuration for all the web services not offered for free.
>
>
> > -----Original Message-----
> > From: Henrik Frystyk Nielsen [mailto:henrikn@microsoft.com]
> > Sent: venerdi 15 febbraio 2002 18.23
> > To: Anne Thomas Manes; Michele Costabile; www-ws@w3.org
> > Subject: RE: Security?
> >
> >
> >
> > As a friendly amendment, while it is certainly within the scope [1] of
> > the WS-Arch WG to consider security and licensing, it doesn't seem to be
> > within its scope to actually define such mechanisms.
> >
> > Henrik
> >
> > [1] http://www.w3.org/2002/01/ws-arch-charter
> >
> > >No formal activity is underway at this time to standardize WS
> > >Security protocols. We just recently formed the Web Services
> > >Architecture Working Group, and one of the goals of this group
> > >is to address security. See http://www.w3.org/2002/01/ws-arch-charter
> > >
> > >Best regards,
> > >
> > >Anne Thomas Manes
> > >CTO, Systinet
> > >www.systinet.com
> > >
> > >> -----Original Message-----
> > >> From: www-ws-request@w3.org [mailto:www-ws-request@w3.org]On
> > >Behalf Of
> > >> Michele Costabile
> > >> Sent: Friday, February 15, 2002 11:37 AM
> > >> To: www-ws@w3.org
> > >> Subject: Security?
> > >>
> > >>
> > >> There are a lot of emergin models for applying security to web
> > >> services, e.g. using SOAP header to transport Kerberos tickets or
> > >> licence data. Is W3C working on a common specification for security
> > >> and licensing in WS?
> >
>

Received on Tuesday, 5 March 2002 23:18:42 UTC