OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

regrep-security message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: ebXML Security subteam - proposal v0.11


Title: RE: ebXML Security subteam
 
Suresh, good document. A few comments that I had are dispersed in
the attached document in red.
 
 
One question I have to the team is - going ahead, should we identify terminology
for each of the security concern in addition to the verbal description. In the attached
document, I have used terms from RFC 2828 for the security concerns under section 3.1
 
As far as priorities of the different security concerns, I think the
access control related concerns take a higher priority over the
integrity related concerns. At least for private registries, integrity
risk is generally not an issue. However access control is mostly
required. For public registries, a weak access control can be
one of the fundamental causes compromising the integrity of the content.
 
Sorry for the delay in responding.

thanks,
Sanjay Patil
----------------------------------------------------------------------------------------------------------
IONA
Total Business Integration (TM)
Phone: 408 350 9619                                 http://www.iona.com

-----Original Message-----
From: Damodaran, Suresh [mailto:Suresh_Damodaran@stercomm.com]
Sent: Monday, August 20, 2001 11:47 AM
To: 'regrep-security@lists.oasis-open.org'; 'dennisc@nii.org.tw'; 'Michael Joya'; 'spatil@iona.com'
Subject: RE: ebXML Security subteam - proposal v0.11
Importance: High

Team,
 
Here is the updated proposal. I hope there is enough basis
in this document for us to make decisions on what is absolutely necessary
for V2. Please be ready to fill in Table 2 by next meeting - Thursday 5-6PM Eastern (tentative).
Please let me know earlier than Thursday if you think there is not enough info to fill
 these tables earlier - especially, if you cannot make it to the meeting.
 
Regards,
 
-Suresh
 
PS: If you are not already in regrep-security mailing list, please become one.

ebXML-Registry-SecurityRisks1.doc



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC