[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Web Services Security Scenarios - Use Case
Hi,
At the last meeting Luc asked me to send some use cases that could inform our discussion on how to decorate a service in UDDI with its WS-Security requirements.
The WS-I Security Challenges, Threats and Countermeasures Version 1.0 document provides useful background http://www.ws-i.org/Profiles/BasicSecurity/SecurityChallenges-1.0.pdf
I’d like to start off with one use case, to see if it is the sort of thing we want. The use case is buying something over the web in a secure way, with a confidential response. In this case the credit card number is signed with the sender’s private key, so they send their public key with the request so that the receiver can validate the signature. The credit card details must also be encrypted with the receiver’s public key, (after being signed). The response must be encrypted with the sender’s public key (which was sent on the request).
Please let me know if the use case should be set out in a different way.
We can easily extract simpler cases from this one.
Regards
Dave Prout BT
From:
Luc Clement [mailto:luc.clement@systinet.com]
Welcome aboard Oleg. For the purpose of your records, you will obtain voting rights the lesser of 3 TC meetings or the 28 July 2004.
The next TC call is at 15:30ET on 14 June.
Luc
Luc Clément | Co-Chair OASIS UDDI TC | Senior Program Manager | Systinet Corporation | Phone +1 781.362.1330
|
From:
Oleg Mikulinsky [mailto:oleg.mikulinsky@weblayers.com]
Luc,
I intent to join as a prospective member and obtain voting rights per OASIS process. Look forward meeting you all (virtually). ;)
Regards, Oleg.
From:
Luc Clement [mailto:luc.clement@systinet.com] Oleg,
Please read the following and reply to this email confirming your intention to join as a Prospective Member. You should note that as an Observer you can provide input which may satisfy your needs. If however you intend to obtain voting rights, then you need to join as a Prospective Member which requires you to obtain and maintain good standing. Please take a moment to look over the membership rules (along with the requirements to obtain and maintain good standing): Participation and membership: http://www.oasis-open.org/committees/process.php#2.4 and termination: http://www.oasis-open.org/committees/process.php#2.5. Please also review the OASIS IPR policy (http://www.oasis-open.org/committees/process.php#2.17) – it is necessary that you fully understand the implications of the OASIS IPR policy.
To conclude, please reply with your intention of joining either as a prospective member or maintaining a status of observer. We look forward to your participation.
Luc
Luc Clément | Co-Chair OASIS UDDI TC | Senior Program Manager | Systinet Corporation | Phone +1 781.362.1330
|
From:
Oleg Mikulinsky [mailto:oleg.mikulinsky@weblayers.com]
Gentlemen,
I would like to join UDDI Specification group as a member.
I have been in observer role in UDDI group for about a month now, as well as a contributing member to the OASIS SOA-RM. group. And I have been reading recent thread's about describing service related policies in UDDI with a great interest. In the last couple of years, I was involved with several UDDI deployments as principal consultant / architect, as well as authored several architecture specifications, policies and best practices for fortune 500 companies. I believe I have knowledge and expedience to contribute to this group.
Best regards,
Oleg Mikulinsky Director of Enterprise Architecture WebLayers, Inc. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]