- From: Rich Salz <rsalz@datapower.com>
- Date: Mon, 14 Mar 2005 11:43:47 -0500
- To: Ashok Malhotra <ashok.malhotra@oracle.com>
- CC: Hugo Haas <hugo@w3.org>, public-ws-addressing@w3.org
> In my view, all the security information shd be collected together and > shd go in the policy sub-bucket of the metadata bucket. What policy sub-bucket? The latest draft only mentions policy in the edit history -- "removed reference to ws-policy" :) > But there are > many subtleties here depending on which direction the message is flowing etc. No, it's only about securing the EPR. It has nothing to do with message flow, just with how you secure the EPR when you bind it into a message. > I suggest that the WS-Addressing WG not attempt to solve this problem. I think ws-addressing MUST say how to secure EPR's. It should have a specific container for "the elements in here are used to secure this EPR." > The details shd be left to another WG. I'm curious: which one(s) are likely candidates? I think issues this recommendation, and then waiting for WS-I to get around to profiling how to acutally use the metadata bucket so that client and server(s) can have secure EPRs is a big mistake. /r$ -- Rich Salz, Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
Received on Monday, 14 March 2005 16:43:24 UTC