OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ekmi-sksml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [ekmi] Groups - SKSML Requirements (SKSML-Requirements.odt)uploaded

Mike,

I will review these documents, although this will take a little
time - they're fairly lengthy.

However, I would like to make a point that if SKSML, with its
layered protocols of Web Services Security (WSS), XML Signature
and XML Encryption address the spirit of the NIST recommendations,
then we should forge ahead and prove to NIST that we have addressed
the security concerns.

If you have a summary of these documents that describe the security
principles that NIST recommends, that will make it significantly
easier for us to discuss and move forward.

Thanks for bringing these to our attention.

Arshad Noor
StrongAuth, Inc.

Mike Nelson wrote:
> Arshad,
> 
> Would you see it as appropriate to include in item IV (use of existing
> standards) a reference to a requirement to meet, at a minimum, the criteria
> established by NIST (see links below)?  If not here, I think we need to
> factor the criteria into the end product in some way as it is becoming the
> benchmark against which assurances of control effectiveness are measured.
> 
> <http://csrc.nist.gov/publications/nistpubs/800-56A/sp800-56A_May-3-06.pdf>
> 
> <http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf>
> 
> <http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part2.pdf>
> 
> 
> On 2/16/07 3:19 AM, "arshad.noor@strongauth.com"
> <arshad.noor@strongauth.com> wrote:
> 
> 
>>Please review for discussion.  Thank you.
> 
> 
>  -- Arshad Noor*
> 
> The document
> 
>>named SKSML Requirements (SKSML-Requirements.odt) has been
> 
> submitted by Arshad
> 
>>Noor* to the EKMI Symmetric Key Services Markup
> 
> Language (SKSML) SC document
> 
>>repository.
> 
> 
> Document Description:
> This document (ODF) describes the
> 
>>requirements for the Symmetric Key
> 
> Services Markup Language.
> 
> View Document
> 
>>Details:
> 
> http://www.oasis-open.org/apps/org/workgroup/ekmi-sksml/document.php?
> 
>>document_id=22478
> 
> 
> Download Document:
> 
> http://www.oasis-open.org/apps/org/workgroup/ekmi-sksml/download.php/22478/SK
> 
>>SML-Requirements.odt
> 
> 
> 
> PLEASE NOTE:  If the above links do not work for you,
> 
>>your email application
> 
> may be breaking the link into two pieces.  You may be
> 
>>able to copy and paste
> 
> the entire link address into the address field of your
> 
>>web browser.
> 
> 
> -OASIS Open Administration
> 
> 
> 
> 
> --
> Mike Nelson, CAP, CISA, CISM, CISSP, ITIL
> mnelson@securenet-technologies.com or mrfisma@gmail.com
> www.securenet-technologies.com or www.fisma.us
> blog: mrfisma.blogspot.com
> 
> 
> 
> 
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]