- From: Dournaee, Blake <bdournaee@rsasecurity.com>
- Date: Tue, 18 Jun 2002 15:12:35 -0700
- To: "'reagle@w3.org'" <reagle@w3.org>
- Cc: www-xkms@w3.org
Joseph, All - Given that it looks like SOAP security will be rolled into ws-arch, what will become of [1]? Is [1] limited in some way? Why not make an equivalent SOAP-enc note to compliment this? Just out of curiosity... [1] http://www.w3.org/TR/SOAP-dsig/ Blake Dournaee Toolkit Applications Engineer RSA Security "The only thing I know is that I know nothing" - Socrates -----Original Message----- From: Joseph Reagle [mailto:reagle@w3.org] Sent: Tuesday, June 18, 2002 10:24 AM To: www-ws-arch@w3.org Cc: xml-encryption@w3.org; 3.org@w3.org; www-xkms@w3.org Subject: SOAP Confidentiality and Integrity: Next Step? This email is a final step in a thread in how to start work on providing confidentiality and integrity for SOAP messages. I've discused a range of security issues [1] with a conclusion that this topic (soap+xmldsig+xenc) is most pressing; however, I was not able to find agreement that this issue should be shoe-horned into an existing WG, instead it should be part of the Web Services security. [2] Though I'm relatively ignorant of the ws-arch discussions, I've heard the ws-arch WG is considering this issue and will try to have charters available for work in July [3], but that the immediate issue might also be delayed be consideration of the bigger issues. Consequently, I'd recommend that a charter for work in the WS Activity be specified with a scope no larger than [4] -- and potentially more narrow (e.g., without tokens). A "web services security" community does not yet exist (or it does, but it's fragmented) and starting work on this immediately not only commences with the work, but helps build a community which then can contribute to the larger discussion. For instance, because standardized security components do not yet exist, specifications such as XKMS [5] may end up specifying "one-off" versions in the short term. However, these could be contributed to the WS work. We all know somebody who knows somebody who is in the other WG, but sometimes that isn't quite enough. <smile/> In conclusion, I advocate a charter with specific and immediate terms, and an active recruitment of participants. Please let me know if and how events are likely to be otherwise. Thanks! [1] http://lists.w3.org/Archives/Member/w3c-ac-forum/2002AprJun/0022.html [2] http://lists.w3.org/Archives/Public/www-xenc-xmlp-tf/2002Jun/0002.html [3] http://www.w3.org/2002/05/28-ws-cg-irc.txt [4] http://www-106.ibm.com/developerworks/security/library/ws-secure/?dwzone=sec urity http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobspec/ html/ws-security.asp [5] http://lists.w3.org/Archives/Public/www-xkms/2002Jun/0016.html -- Joseph Reagle Jr. http://www.w3.org/People/Reagle/ W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature/ W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
Received on Tuesday, 18 June 2002 18:12:42 UTC