[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [security-services] FW: SOAP Confidentiality and Integrity: NextStep?
Does the submission of the WS-Security specs to OASIS (and the meeting announced by Phill) mean that there will *not* be a "web services security" activity chartered within the W3C? - RL "Bob" --- > -----Original Message----- > From: Joseph Reagle [mailto:reagle@w3.org] > Sent: Tuesday, June 18, 2002 1:24 PM > To: www-ws-arch@w3.org > Cc: xml-encryption@w3.org; 3.org@w3.org; www-xkms@w3.org > Subject: SOAP Confidentiality and Integrity: Next Step? > > > > > This email is a final step in a thread in how to start work on providing > confidentiality and integrity for SOAP messages. I've discused a range of > security issues [1] with a conclusion that this topic (soap+xmldsig+xenc) > is most pressing; however, I was not able to find agreement that this issue > should be shoe-horned into an existing WG, instead it should be part of the > Web Services security. [2] > > Though I'm relatively ignorant of the ws-arch discussions, I've heard the > ws-arch WG is considering this issue and will try to have charters > available for work in July [3], but that the immediate issue might also be > delayed be consideration of the bigger issues. Consequently, I'd recommend > that a charter for work in the WS Activity be specified with a scope no > larger than [4] -- and potentially more narrow (e.g., without tokens). A > "web services security" community does not yet exist (or it does, but it's > fragmented) and starting work on this immediately not only commences with > the work, but helps build a community which then can contribute to the > larger discussion. For instance, because standardized security components > do not yet exist, specifications such as XKMS [5] may end up specifying > "one-off" versions in the short term. However, these could be contributed > to the WS work. We all know somebody who knows somebody who is in the other > WG, but sometimes that isn't quite enough. <smile/> > > In conclusion, I advocate a charter with specific and immediate terms, and > an active recruitment of participants. Please let me know if and how events > are likely to be otherwise. Thanks! > > > [1] http://lists.w3.org/Archives/Member/w3c-ac-forum/2002AprJun/0022.html > [2] http://lists.w3.org/Archives/Public/www-xenc-xmlp-tf/2002Jun/0002.html > [3] http://www.w3.org/2002/05/28-ws-cg-irc.txt > [4] > http://www-106.ibm.com/developerworks/security/library/ws-secure/?dwzone=sec > urity > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobspec/ > html/ws-security.asp > [5] http://lists.w3.org/Archives/Public/www-xkms/2002Jun/0016.html > > > -- > Joseph Reagle Jr. http://www.w3.org/People/Reagle/ > W3C Policy Analyst mailto:reagle@w3.org > IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature/ > W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC