Subject: Re: [soa-rm-ra] RE: Willingness based on Trust discussion
On May 13, 2009, at 4:22 AM, mpoulin@usa.com wrote:

> I have just three notes but prefer not using this computer for file
> detachment. Sorry for the inconvenience. So, here they are:
>
> 1) in the section Background: From SOA-RM: "The initiator in a
> service interaction MUST be aware of the other parties". I think
> there should be "party" because there are only two participants in
> each individual interaction. If we also consider a broadcast-like
> interaction, awareness about other parties is OPTIONAL, not MUST.
>

The intent here is at some point one participant needs to be aware of the other to initiate the interaction. How that awareness is accomplished is not specified.

> 2) in the section Inputs for SOA-RA: "Although the objective of any
> SOA interaction is no Risk". I think that this is not necessarily
> correct; I have never heard about such objective as no Risk, it does
> not exist as well as absolute security. I propose the following:
> "interaction is minimal Risk" or "interaction is acceptable Risk"
>

Agreed. Life is risk. The intent is to mitigate risk or only take risks when they are outweighed by the expected/desired rewards.

> 3) in the section Inputs for SOA-RA: "Although the SOA-RM states,
> policies may be documented in the service description, in fact they
> can be established at any time in the SOA conversation and at any
> level of the IP Stack (e.g. SSL with both Server and Client
> Certificates)". I do like this line of thought; to continue it we
> can say something like: "Policies established during the SOA
> conversation MUST be included into the service contract (in addition
> to and/or instead of the policies identified before the SOA
> conversation)".
>

The intent is to use service description to inform others what are the default policies if no attempt is made to agree otherwise. The example I gave today was I say I want policy A but am willing to accept policy B. You may tell me you accept policy B but prefer policy C. The eventual agreement is part of the execution context.

> Plus, "SSL with both Server and Client Certificates" does not seem to
> me as a policy but rather as a result of the policy application. The
> policy in this case might be formulated as "Communication between
> Server and Client must use SSL with both Server and Client
> Certificates"
>
> - Michael
>
> ________________________________________
> Subject: Willingness based on Trust discussion
> From: "David E. Ellis" <dellis@sandia.gov>
> To: "'Ken Laskey'" <klaskey@mitre.org>, "'Rex Brooks'" <rexb@starbourne.com>
> Date: Tue, 12 May 2009 08:01:18 -0600
> ________________________________________
> Title: Willingness based on Trust discussion
> Ken, Rex
> Attached is a preliminary discussion of Trust. I feel we need more
> words but please review for tomorrow's meeting. I will try to attend
> but I am in an IUBIP conference.
> Dave <<...>>
> <Trust section.doc>

-----------------------------------------------------------------------------
Ken Laskey
MITRE Corporation, M/S H305      phone: 703-983-7934
7515 Colshire Drive              fax: 703-983-1379
McLean VA 22102-7508