[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: IDMEF/IODEF
Bob, One of the goals of the S2ML spec. was to provide a number of bindings for interactions based on a number of standard protocols. This has been called out in Section 6, Bindings to Messaging and Transport Protocols. Clearly, the breadth of this section needs to be scoped with some care (How many protocols?) and the Use-Cases and Requirements work should provide additional guidance in this direction. I am puzzled tho' by your thought that this might be completely out of scope for this group. Consider HTTP, for example, How should S2ML assertions be embedded within HTTP flows? What about consideration of the case when the client is limited to a browser? Without this information, I dont see how inter-operability between "security zones" is supported by S2ML or any succssor specification. - prateek > Obviously there are a substantial number of standardization > efforts going > on in more or less the same space as ours, namely XML-formatted data > objects transfered via any of several transports (HTTP, SMTP, > BEEP, etc). > One might observe that each of these is approaching security > in its own > way (or not at all) and conclude that it would be a useful goal of our > work to provide XML-based security services for the generic > XML-over-foo > protocol. I expect, though, that participants in this TC > would agree that > that is *not* what we're trying to do. Yes? If so we might > want to state > this as an explicit non-goal in our charter (and no I don't > have precise > wording at the moment) since I suspect this could be a likely point of > confusion, especially given the name of the group. > > - RL "Bob" > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC