Subject: Re: [wsdm][security-action item] Summary of discussion as of 7/8/04
Andreas Dharmawan wrote:

> . . . . . . .
> *_Security of Manageability vs. Manageability of Security_* (Jeff Bohren)
>
>   * *Security of Manageability* - The security of the Manageability
>     Provider and the underlying communications protocols. How are
>     the management requests authenticated? How are management
>     requests authorized and audited?
>   * *Manageability of Security* - What security information on the
>     managed resource can be managed by the Manageability Provider.
>     How is this information presented to the Manager? In MOWS, there
>     is the specific use case of managing the configuration of the
>     Web Service Security infrastructure for that web service (among
>     other things).
>
> *_Security Considerations between Manager and Manageability Provider_*
> (Andreas Dharmawan)
>
>   * In an enterprise there will be many manageability resources that
>     belong to many different departments.
>   * Multiple managers may be involved in the management of different
>     resources from different departments.
>   * Managers may be interacting with the manageability providers
>     from the intranet, extranet, and intranet.
>   * Samples of security considerations:
>       o Authentication and Authorization
>       o Confidentiality
>       o Non-repudiation
>       o Schema Validation
>       o Standard Compliance
>   * The same manager may be required to use different kinds of
>     credentials when accessing a manageable provider based on
>     whether s/he is in the intranet, extranet, or internet.
>

"Integrity" would appear to be another very common and important "security" consideration.

Also, just out of curiosity...... do you really mean Standards Compliance or do you actually mean Standards Conformance?

According to the ISO standard of relevance (ISO 10746-1: Open Distributed Processing Reference Model - Part 1: Overview and Guide to Use) (quoting verbatim from section 9.2):

"Conformance is a relation between a specification and a real implementation, such as an example of a product. It holds when specific requirements in the specification (the conformance requirements) are met by the implementation. Conformance assessment is the process through which this relation is determined."

"Compliance is a relation between two specifications, A and B, that holds when specification A makes requirements which are all fulfilled by specification B (when B complies with A)."

Thanks,

Jishnu.

--
Jishnu Mukerji
Senior Systems Architect
Technology Office
Management Software Organization
Hewlett-Packard Company
1001 Frontier Road, Suite 300
Bridgewater NJ 08807, USA
Tel: +1 908 243 8924
Fax: +1 908 243 8850
mailto: jishnu@hp.com