wsdm message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: RE: [wsdm] Security Question: MOWS: Managing Secure Web services
- From: "Sedukhin, Igor S" <Igor.Sedukhin@ca.com>
- To: "Jeff Bohren" <jbohren@opennetwork.com>,"Heather Kreger" <kreger@us.ibm.com>,<wsdm@lists.oasis-open.org>
- Date: Mon, 7 Jun 2004 16:49:08 -0400
Title: Message
This is good start.
Let's get going from Metrics to Audit (what you called
notifications). Discuss, define capabilities, get them into the
spec.
I would put configuration later on the list as it may need
to be coordinated with what SPML and groups like that are
doing.
-- Igor
Sedukhin .. (igor.sedukhin@ca.com)
-- (631) 342-4325 .. 1 CA Plaza,
Islandia, NY 11788
Similar to the other thread, I would have the following
categories:
Configuration:
Transport level authentication settings
PKI Info (server cert, trusted CAs, CRLs)
TLS Configuration
HTTP restrictions (allowed verbs, etc)
SOAP specific security settings
Metrics:
Successful Authentications (total, per time period,
etc)
Failed Authentications
Successful Authorizations
Failed Authorizations
Notifications:
Failed Authentications
Failed Authorizations
Policies:
Access control rules
One
intersting question to me is whether the transport level security is managed on
the same resource as the SOAP security? In other words a SOAP/HTTPS endpoint
could have security at the transport level (via HTTPS, Basic Auth, etc) and at
the SOAP level (WSS). Is this considered the same WSDM resource, or is there one
resource for the HTTPS endpont and one for the SOAP end
point?
Jeff Bohren
Product Architect
OpenNetwork Technologies,
Inc
Try the
industry's only 100% .NET-enabled identity management software.
Download your free copy of Universal IdP Standard Edition today. Go to
www.opennetwork.com/eval.
per our call today, I'm
starting this email thread on managing policies for secure Web services.
Given that security can be managed for 'any IT
resource' using WSDM, are there specific additional
requirements
when that IT resource is a Web
service?
Heather Kreger
STSM, Web Services Lead Architect for SWG Emerging
Technologies
Author of "Java and JMX: Building
Manageable Systems"
kreger@us.ibm.com
919-543-3211 (t/l 441)
cell:919-496-9572
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]