[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: Security - summary of issues and allocation to versions
Tim, In general I agree with your list of things we need to decide about. I have a few comments: V 1.1 Work Items 2. Clarification of namespace supported: Regarding independence of the specs, the CPP-CPA spec should contain what is needed to configure the MSH when the CPA is used. In other words, the CPP/CPA should be consistent with MSG in all elements and attributes. For the case where the CPA is not used, it is the MSG team's responsibility to specify the choices for items that are normally specified in the CPA. 6. Lack of processing rules: It isn't clear whether this topic is suggesting things needed in the CPA or calling attention to MS Spec deficiencies. 7. Key Management: I believe that key management is too large an issue for V. 1.1. 8. "Encouragement" of selected protocols: Is it your intention to add all these points to the CPP-CPA spec as non-normative recommendations? V 2.0 Issues 4.2 Super schema for CPP+CPA: We already have a single schema that defines both CPP and CPA. Therefore I don't understand what you are proposing. Regards, Marty ************************************************************************************* Martin W. Sachs IBM T. J. Watson Research Center P. O. B. 704 Yorktown Hts, NY 10598 914-784-7287; IBM tie line 863-7287 Notes address: Martin W Sachs/Watson/IBM Internet address: mwsachs @ us.ibm.com ************************************************************************************* "Collier, Timothy R" <timothy.r.collier@intel.com> on 08/27/2001 02:29:36 AM To: ebxml-cppa@lists.oasis-open.org cc: Subject: Security - summary of issues and allocation to versions All, I have attempted to consolidate Martys' changes doc, the security analysis doc, and issues raised in emails from Arvola. The text is cut from the corresponding source doc. It also suggests my thoughts on where they might go in the upcoming versions. How these were allocated- if it "fixes" something that was in v1.0, then I put it into v1.1; if it was clearly "new" functionality, then I put it into v2.0; if it wasn't neither of the above, then it is in v???. A couple of the big issues, for v1.1, we need to agree to - 1) Are profiles and policies something for v1.1? 2) Can we resolve with MSH and BPSS the issue of message "nonrepudiation"? Please take the attached document as a starting point for discussion. Tim
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC