wsn message

Subject: Draft wording for security section


Here is a rough draft of text to be added to section 6 (Security).  I'm not entirely happy with the wording, but I believe it covers what we discussed in yesterday's session.


In addition to the usual concerns of authorization and message integrity which apply to all web services, notification presents issues all its own due to the third-party nature of subscription.  Since the NotificationProducer is agreeing to produce Notifications for a consumer based on the requests of a Subscriber, it must assure itself that there is no harm in producing these Notifications.  A malicious Subscriber may request Notifications be sent to a party that is not authorized to receive them.  It may also mount DoS attacks by requesting large volumes of Notifications be sent to parties that cannot handle them.

The NotificationProducer may address these risks in many different ways, including but not limited to:
  • Simply trusting all Subscribers, perhaps because all parties are known to be on a closed, trusted, network.
  • Requiring all Subscribers to provide secure credentials proving that they are trusted to make subscriptions.
  • Refusing to send notifications to NotificationConsumers that are not known to be authorized.
  • Explicitly confirming with NotificationConsumers that they wish to receive the Notifications that the Subscriber has requested.
  • Some combination of the above, depending on the identity of the Subscriber and NotificationProducer.

NotificationProducers SHOULD advertise, whether through policy assertions or other means, what security measures they take.
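As an added illustration of how the four options in the draft combine on the producer side (this is example code written for this archive page, not text from the draft, the WS-Notification specification, or any OASIS implementation), the following sketch models a NotificationProducer's Subscribe handler as a set of policy flags. `Policy`, `SubscribeRequest`, `Subscription`, `NotificationProducer` and the HMAC-based credential are all assumed names and stand-ins: a real deployment would carry Subscriber credentials in the SOAP security header rather than as a bare HMAC string. The "confirm with the consumer" option is modelled as a subscription that stays inactive until the consumer endpoint echoes a token, which is what prevents a Subscriber from pointing Notifications at a third party that never asked for them.

```python
"""Added example, not OASIS or WS-Notification code: a NotificationProducer
that enforces the draft's mitigation options before honouring a Subscribe."""
from dataclasses import dataclass
from enum import Flag, auto
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple


class Policy(Flag):
    """Which of the draft's mitigations the producer applies; flags combine."""
    TRUST_ALL = 0                           # closed, trusted network: no checks
    REQUIRE_SUBSCRIBER_CREDENTIALS = auto()  # Subscriber must prove it is trusted
    ALLOWLIST_CONSUMERS = auto()             # only known-authorized consumer endpoints
    CONFIRM_WITH_CONSUMER = auto()           # consumer must opt in before delivery


@dataclass
class SubscribeRequest:
    subscriber: str                   # identity the Subscriber claims
    consumer_ref: str                 # endpoint Notifications would be sent to
    credential: Optional[str] = None  # hex HMAC over the identity (constructed stand-in)


@dataclass
class Subscription:
    sub_id: str
    consumer_ref: str
    active: bool                         # False while consumer confirmation is pending
    confirm_token: Optional[str] = None  # token the consumer must echo to activate


class NotificationProducer:
    def __init__(self, policy: Policy, secret: bytes,
                 trusted_subscribers: List[str], authorized_consumers: List[str]):
        self.policy = policy
        self.secret = secret                          # shared with trusted Subscribers (assumed)
        self.trusted_subscribers = set(trusted_subscribers)
        self.authorized_consumers = set(authorized_consumers)
        self.subscriptions: Dict[str, Subscription] = {}
        self.delivered: List[Tuple[str, str]] = []    # (consumer_ref, message) actually sent

    def credential_for(self, subscriber: str) -> str:
        """Stand-in for a real credential: an HMAC only a key holder can produce."""
        return hmac.new(self.secret, subscriber.encode(), hashlib.sha256).hexdigest()

    def subscribe(self, req: SubscribeRequest) -> Subscription:
        """Apply every enabled check; raise PermissionError on any failure."""
        if Policy.REQUIRE_SUBSCRIBER_CREDENTIALS in self.policy:
            expected = self.credential_for(req.subscriber)
            if (req.subscriber not in self.trusted_subscribers
                    or req.credential is None
                    or not hmac.compare_digest(req.credential, expected)):
                raise PermissionError("subscriber not trusted to create subscriptions")
        if Policy.ALLOWLIST_CONSUMERS in self.policy:
            if req.consumer_ref not in self.authorized_consumers:
                raise PermissionError("consumer endpoint not known to be authorized")
        sub = Subscription(sub_id=secrets.token_hex(8),
                           consumer_ref=req.consumer_ref, active=True)
        if Policy.CONFIRM_WITH_CONSUMER in self.policy:
            # Nothing is delivered until the consumer itself echoes this token back.
            sub.active = False
            sub.confirm_token = secrets.token_hex(16)
        self.subscriptions[sub.sub_id] = sub
        return sub

    def try_subscribe(self, req: SubscribeRequest) -> Optional[Subscription]:
        """Convenience wrapper: the Subscription, or None if the producer refused."""
        try:
            return self.subscribe(req)
        except PermissionError:
            return None

    def confirm(self, sub_id: str, token: str) -> bool:
        """Called by the NotificationConsumer to accept a pending subscription."""
        sub = self.subscriptions.get(sub_id)
        if sub is None or sub.confirm_token is None:
            return False
        if not hmac.compare_digest(token, sub.confirm_token):
            return False
        sub.active = True
        sub.confirm_token = None
        return True

    def notify(self, sub_id: str, message: str) -> bool:
        """Deliver only on active subscriptions; return whether anything was sent."""
        sub = self.subscriptions.get(sub_id)
        if sub is None or not sub.active:
            return False
        self.delivered.append((sub.consumer_ref, message))
        return True


if __name__ == "__main__":
    # Constructed demo values; no real endpoints or secrets.
    producer = NotificationProducer(
        Policy.REQUIRE_SUBSCRIBER_CREDENTIALS | Policy.ALLOWLIST_CONSUMERS,
        b"constructed-shared-secret", ["alice"], ["http://consumer.example/events"])
    good = producer.credential_for("alice")
    print(producer.try_subscribe(SubscribeRequest("alice", "http://third-party.example/", good)))
    print(producer.try_subscribe(SubscribeRequest("alice", "http://consumer.example/events", good)))
```

The `Policy` flags are additive, which matches the draft's last bullet: a producer can require credentials from Subscribers and still insist that the consumer confirm, and what it does enforce is exactly what it should advertise through its policy assertions.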

