[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: ebXML Security subteam - proposal v0.11
Sorry for my late response as well. I figure I better send my thoughts on V2.0 security features, however half baked they may be. Must Have Features --------------------- -Clarify signing requirements and use of digital signatures so it is unambiguous and easy to understand. -Allow Custom Access Control Policy management (decide if object level or method level is needed) Nice To Have Features ------------------------ -Allow User administration (How to register a User) Deliverables ------------ -Re-written security sections of RIM and RS for ease of use and ease of implementation -ACL definition in RIM -Changes to RS on how to use ObjectManager to submit ACL and possibly User objects. Existing SubmitObjectsRequest may suffice. -Update XML Schema for ACL etc. Milestones ----------- Ideally: Have initial proposal for sub-team in 1 week Have initial proposal for TC in 2 weeks "Patil, Sanjay" wrote: > Suresh, good document. A few comments that I had are dispersed inthe > attached document in red. One question I have to the team is - going > ahead, should we identify terminology for each of the security concern > in addition to the verbal description. In the attached document, I > have used terms from RFC 2828 for the security concerns under section > 3.1 As far as priorities of the different security concerns, I think > theaccess control related concerns take a higher priority over > theintegrity related concerns. At least for private registries, > integrityrisk is generally not an issue. However access control is > mostlyrequired. For public registries, a weak access control can beone > of the fundamental causes compromising the integrity of the > content. Sorry for the delay in responding.thanks, > Sanjay Patil > > --------------------------------------------------------------------------------------------------------- > > IONA > Total Business Integration (TM) > Phone: 408 350 9619 > http://www.iona.com > > -----Original Message----- > From: Damodaran, Suresh > [mailto:Suresh_Damodaran@stercomm.com] > Sent: Monday, August 20, 2001 11:47 AM > To: 'regrep-security@lists.oasis-open.org'; > 'dennisc@nii.org.tw'; 'Michael Joya'; 'spatil@iona.com' > Subject: RE: ebXML Security subteam - proposal v0.11 > Importance: High > > Team,Here is the updated proposal. I hope there is enough > basisin this document for us to make decisions on what is > absolutely necessaryfor V2. Please be ready to fill in Table > 2 by next meeting - Thursday 5-6PM Eastern > (tentative).Please let me know earlier than Thursday if you > think there is not enough info to fill these tables earlier > - especially, if you cannot make it to the > meeting. Regards,-SureshPS: If you are not already in > regrep-security mailing list, please become one. > -- Regards, Farrukh
begin:vcard n:Najmi;Farrukh tel;work:781-442-0703 x-mozilla-html:FALSE url:www.sun.com org:Sun Microsystems;Java Software adr:;;1 Network Dr. MS BUR02-302;Burlington;MA;01803-0902;USA version:2.1 email;internet:najmi@east.sun.com fn:Farrukh Najmi end:vcard
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC