OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

business-transaction message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: Security reqs v.02


Bill,

Thanks for sending out the security material.  I have comments based on your
documents:

- Your list of relevant standards activities capture the current state of
the market with respect to security in XML-based architectures.

- A security issue omitted from your list is duration.  When are
participants permitted to timeout their respective tokens?  I know that this
was talked about at some of the modeling meetings.  Perhaps Alastair can
comment.

- With respect to identity, I can envision a BTP network that underlies an
identity scheme.  Imaging a user wants some work done.  In turn the user's
application passes the request down the stack to a BTP layer that is
authenticated at the organizational level.  I am not sure that SSO will do
the trick in this case.


	Thanks,

	Mark



> -----Original Message-----
> From: Bill Pope [mailto:bpope@bowstreet.com]
> Sent: Thursday, June 28, 2001 1:53 PM
> To: BT (main list) (E-mail)
> Subject: Security reqs v.02
>
>
>
> Find attached two documents.
> Draft 2 of the security issues document.
> Draft 1 of the external activity report.
>
> Comments are invited,
> =bill
>
> William Z Pope                                    Bowstreet
> +1 603 559 1538                           One Harbour Place
> bpope@bowstreet.com                 Portsmouth NH 03801 USA
>
>
>



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC