Subject: RE: [soa-rm-ra] Security and Joint Action
Based on the discussion last week about joint action and secure interactions, I will make updates to the Secure Interactions diagram by Wednesday. I will not use validity and empowerment in the update; however, it makes sense to use joint action where the message in the latest diagram is like a speech action and the action is like a listening action. The diagram is currently focused on relating some concepts to the stakeholder/listener as opposed to both the participant/speaker and the stakeholder/listener. For example, authority applies equally to the participant performing the speech action (authority to send a message) and stakeholder and/or participant performing the listening action. Joint action can more adequately represent the equality of relationships to the parties involved in the secure interaction.

Danny

-----Original Message-----
From: Ken Laskey [mailto:klaskey@mitre.org]
Sent: Monday, August 17, 2009 10:17 AM
To: Francis McCabe
Cc: soa-rm-ra@lists.oasis-open.org RA
Subject: Re: [soa-rm-ra] Security and Joint Action

Unfortunately, I'm back from vacation and trying to catch up on things that required more thought than I was willing to expend last week.

Frank, what you are talking about is the classic verification (did I build/do what I was told to build/do?) and validation (did what I build/do address the initiating problem?). From a verification perspective, I am likely interested in integrity, confidentiality, and authentication but I also need authorization and non-repudiation. The validation of "is what is going on what is supposed to be going on?" addresses whether someone has solved the problem.

Unless necessary, we should avoid introducing validity and empowerment as you speak to them because that is likely to create confusion unless we connect with V&V.

Ken

On Aug 12, 2009, at 12:44 PM, Francis McCabe wrote:

> When considering the security of interaction two thoughts seem to be
> important.
>
> Issue number one is: "is what is going on what everyone expects is going
> on?"
> Issue number two is:
> on?"
>
> Both of these questions go well beyond security. However, in the
> domain of secure interaction, the first is addressed in terms of
> integrity, confidentiality and authentication: i.e., are the players
> who we think they are and do we have the perimeter secured?
>
> The second speaks to authorization: do the players have the
> appropriate authority to be doing what they are doing.
>
> As a matter of interest, the first is sometimes captured in terms of
> the *validity* of an action or actions (including joint actions) and
> the second is captured in terms of the *empowerment* of the actors. We
> may not need to bring the concepts of validity and empowerment into
> the secure interactions diagram; but they should inform us in our
> design of the diagram.
>
> Note: joint actions show up in multiple levels in a given interaction.
> Security also shows up in multiple levels. The concept of message does
> not appear in all those levels -- only some.
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>

-----------------------------------------------------------------------------
Ken Laskey
MITRE Corporation, M/S H305      phone: 703-983-7934
7515 Colshire Drive              fax:   703-983-1379
McLean VA 22102-7508