Subject: RE: [ws-sx] Comments on Security Policy and a Suggestion
At yesterday's WS-SX F2F meeting I suggested that part of this analysis could be based on the WS-I "Security Challenges, Threats and Countermeasures Version 1.0" document [1].

/paulc

[1] http://www.ws-i.org/Profiles/BasicSecurity/SecurityChallenges-1.0.pdf

Paul Cotton, Microsoft Canada
17 Eleanor Drive, Ottawa, Ontario K2E 6A3
Tel: (613) 225-5445 Fax: (425) 936-7329
mailto:Paul.Cotton@microsoft.com

> -----Original Message-----
> From: Ashok Malhotra [mailto:ashok.malhotra@oracle.com]
> Sent: April 5, 2006 12:08 PM
> To: ws-sx@lists.oasis-open.org
> Subject: [ws-sx] Comments on Security Policy and a Suggestion
>
> Recently, Prateek and I and our product folks started looking at
> SecurityPolicy and we were dismayed by the breadth and the complexity.
> I doubt that most people could author Security Policies. Also, it's not
> clear if the specification works -- in that there may be practical
> situations that users want to express that cannot be expressed by
> Security Policy.
>
> So, I thought that what may be useful is to create a small number of
> use cases that represent typical customer usages of security in Web
> Services. Then we try and write Policies for these use cases and see
> what happens.
>
> I foresee two benefits from such an exercise:
> - We will find bugs and other usage problems and validate the design.
> - The resulting policies will be very useful and many users will just
>   be able to use these canned policies for their work.
>
> I can try and write the policies but someone else needs to provide the
> use cases.
>
> All the best, Ashok