security-services message

Subject: RE: reminder: OASIS Security Services TC

From: Jeremy Epstein <jepstein@webmethods.com>
To: "Chanliau, Marc" <MChanliau@netegrity.com>,"CRAWFORD, Mark" <MCRAWFORD@lmi.org>, Karl Best <karl.best@oasis-open.org>,members@lists.oasis-open.org, tc-announce@lists.oasis-open.org,security-services@lists.oasis-open.org
Date: Wed, 20 Dec 2000 13:33:22 -0500

Title: RE: reminder: OASIS Security Services TC

>> 2) how will this work be different than the W3C XML security work scheduled to start after the first of the year?<<

I'm not familiar with what the W3C XML security work is about. The OASIS TC is the place where authentication and authorization issues will be discussed, with possible extensions to other security domains. One of the goals is to be able to interface with other standards and protocols (SOAP, ebXML, and soon languages such as HKMS, etc.)

The W3C XML effort is called "XML encryption". It's an effort to establish how to encrypt part or all of an XML document in a standardized way. The focus of this effort (through OASIS) is in representing authentication and authorization questions and answers as XML documents. The OASIS security services TC will be layered on the XML encryption effort, as well as other W3C XML efforts (e.g., the joint W3C/IETF "XML signature" project which is nearing completion). So they're complementary, not competitive.

--Jeremy

-----------------------------------------------------------
Jeremy Epstein                          voice: 703-460-5852
Security Architect                        FAX: 703-460-5999
webMethods, Inc.                         cell: 703-989-8907
Fairfax Virginia             email: jepstein@webMethods.com
-----------------------------------------------------------

References:
- RE: reminder: OASIS Security Services TC
  - From: "Chanliau, Marc" <MChanliau@netegrity.com>