[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ws-brsp-comment] Re: 15-day Public Review for Basic Security Profile Version 1.1 - ends September 13th
Thanks you for your comments Anish. We will discuss it in next meeting. -jacques -----Original Message----- From: ws-brsp-comment@lists.oasis-open.org [mailto:ws-brsp-comment@lists.oasis-open.org] On Behalf Of Anish Karmarkar Sent: Monday, September 08, 2014 1:43 PM To: ws-brsp-comment@lists.oasis-open.org Subject: [ws-brsp-comment] Re: 15-day Public Review for Basic Security Profile Version 1.1 - ends September 13th The new PR draft relaxes the requirements from mandating SHA-1 to mandating either SHA-1 or any of the SHA-2 algorithms (extensibility point E0014). Understandable given the issues with SHA-1. But the profile goes to great lengths to ensure interoperability when using SHA-1 (see R5421 and similar requirements). It specifies how to communicate with the other side that SHA-1 is being used. There is nothing comparable specified for SHA-2. Given that the fundamental reason the profiles were created were to enable interoperability, it makes sense to include the same level (or equivalent) of interop requirements for SHA-2 as there are for SHA-1. Thanks and regards. -Anish Karmarkar WS-I Member Section Steering Committee member -- On 8/29/14, 11:00 AM, Paul Knight wrote: > OASIS members, > > The WS-BRSP TC members [1] have produced an updated Committee > Specification Draft (CSD) and submitted this specification for 15-day > public review: > > Basic Security Profile Version 1.1 > Committee Specification Draft 02 / Public Review Draft 02 > 06 August 2014 > > Specification Overview: > > The Basic Security Profile is an extension profile to the Basic > Profile (either v1.1 or v1.0), consisting of a set of clarifications, > refinements, interpretations and amplifications to a combination of > non-proprietary Web services specifications in order to promote > interoperability. It is designed to support the addition of security > functionality to SOAP messaging. > > Public Review Period: > > The public review starts 30 August 2014 at 00:00 UTC and ends 13 > August > 2014 at 23:59 UTC. > > This is an open invitation to comment. OASIS solicits feedback from > potential users, developers and others, whether OASIS members or not, > for the sake of improving the interoperability and quality of its > technical work. > > URIs: > > The prose specification document and related files are available here: > > Editable source (Authoritative): > http://docs.oasis-open.org/ws-brsp/BasicSecurityProfile/v1.1/csprd02/B > asicSecurityProfile-v1.1-csprd02.doc > > HTML: > http://docs.oasis-open.org/ws-brsp/BasicSecurityProfile/v1.1/csprd02/B > asicSecurityProfile-v1.1-csprd02.html > > PDF: > http://docs.oasis-open.org/ws-brsp/BasicSecurityProfile/v1.1/csprd02/B > asicSecurityProfile-v1.1-csprd02.pdf > > Additional information about this specification and the OData TC may > be found on the TC's public home page located at: > > http://www.oasis-open.org/committees/ws-brsp/ > > Comments may be submitted to the TC by any person through the use of > the OASIS TC Comment Facility which can be accessed via the button > labeled "Send A Comment" at the top of the TC public home page, or directly at: > > http://www.oasis-open.org/committees/comments/form.php?wg_abbrev=ws-br > sp > > Feedback submitted by TC non-members for this work and for other work > of this TC is publicly archived and can be viewed at: > > http://lists.oasis-open.org/archives/ws-brsp-comment/ > > All comments submitted to OASIS are subject to the OASIS Feedback > License, which ensures that the feedback you provide carries the same > obligations at least as the obligations of the TC members. In > connection with this public review of 'Basic Security Profile Version > 1.1', we call your attention to the OASIS IPR Policy [2] applicable > especially [3] to the work of this technical committee. All members of > the TC should be familiar with this document, which may create > obligations regarding the disclosure and availability of a member's > patent, copyright, trademark and license rights that read on an approved OASIS specification. > > OASIS invites any persons who know of any such claims to disclose > these if they may be essential to the implementation of the > > above specification, so that notice of them may be posted to the > notice page for this TC's work. > > ========== Additional references: > > [1] OASIS Web Services Basic Reliable and Secure Profiles (WS-BRSP) TC > http://www.oasis-open.org/committees/ws-brsp/ > > [2] http://www.oasis-open.org/policies-guidelines/ipr > > [3] http://www.oasis-open.org/committees/ws-brsp/ipr.php > https://www.oasis-open.org/policies-guidelines/ipr#s10.3 > Non-assertion Mode > > Best regards, > Paul > -- > Paul Knight <mailto:paul.knight@oasis-open.org> - Tel: +1 > 781-861-1013 OASIS <https://www.oasis-open.org/> - Advancing open > standards for the information society Document Process Analyst > <https://www.oasis-open.org/people/staff/paul-knight> > -- This publicly archived list offers a means to provide input to the OASIS Web Services Basic Reliable and Secure Profiles (WS-BRSP) TC. In order to verify user consent to the Feedback License terms and to minimize spam in the list archive, subscription is required before posting. Subscribe: ws-brsp-comment-subscribe@lists.oasis-open.org Unsubscribe: ws-brsp-comment-unsubscribe@lists.oasis-open.org List help: ws-brsp-comment-help@lists.oasis-open.org List archive: http://lists.oasis-open.org/archives/ws-brsp-comment/ Feedback License: http://www.oasis-open.org/who/ipr/feedback_license.pdf List Guidelines: http://www.oasis-open.org/maillists/guidelines.php Committee: http://www.oasis-open.org/committees/ws-brsp Join OASIS: http://www.oasis-open.org/join/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]