OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wsrp message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [wsrp] Purpose of Section 9?

Hi Subbu,

to b) yes I will pick this up once I completly recover. Unfortunatly I had
to be absent since the last F2F for 6 weeks and still have an outstanding
surgery.
The surgery will take me out 'till the first or second week of august.
I will then pick up the work on security again.

Applogies, that my plans to start right after the F2F didn't work out for
me :-(

Mit freundlichen Gruessen / best regards,

        Richard Jacob
______________________________________________________
IBM Lab Boeblingen, Germany
Dept.8288, WebSphere Portal Server Development
WSRP Team Lead & Technical Lead
WSRP Standardization
Phone: ++49 7031 16-3469  -  Fax: ++49 7031 16-4888
Email: mailto:richard.jacob@de.ibm.com


                                                                           
             Subbu Allamaraju                                              
             <subbu@bea.com>                                               
                                                                        To 
             07/04/2005 01:30          wsrp <wsrp@lists.oasis-open.org>    
             AM                                                         cc 
                                                                           
                                                                   Subject 
                                       [wsrp] Purpose of Section 9?        
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           




The Security section in V1 remained vague (for no fault of WSRP) about
handling security, particularly about the problems discussed post V1
such as user identity propagation, confidentiality and integrity.

Since those specs have evolved since, and stack implementations are
beginning to support those standards, leaving this section as is would
be confusing to readers.

I have two questions:

a. What does the TC think about updating this section with more direct
references to various security specs (W3C specs on signature and
encruption, OASIS specs on SAML and WS-Security and others). This would
atleast give an indication that this TC acknowledges those specs, and
recommends using those specs for solving security issues.

b. More than a year ago, Richard led some effort in identifying use
cases and candidate specs for solving those. Is there any interest in
renewing that discussion and come up with a tech note during the V2
timeframe?

In the absence of a tech note, updating sec 9 would become more
important for the V2 spec.

Regards,
Subbu

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  You may a link to this group and all your TCs in
OASIS
at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]