OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

regrep-security message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: ebXML Security subteam - proposal v0.11

Sorry for my late response as well. I figure I better send my thoughts
on V2.0 security features, however half baked they may be.

Must Have Features

-Clarify signing requirements and use of digital signatures so it is
unambiguous and easy to understand.

-Allow Custom Access Control Policy management (decide if object level
or method level is needed)

Nice To Have Features
-Allow User administration  (How to register a User)

-Re-written security sections of RIM and RS for ease of use and ease of
-ACL definition in RIM
-Changes to RS on how to use ObjectManager to submit ACL and possibly
User objects. Existing SubmitObjectsRequest may suffice.
-Update XML Schema for ACL etc.



Have initial proposal for sub-team in 1 week
Have initial proposal for TC in 2 weeks

"Patil, Sanjay" wrote:

>   Suresh, good document. A few comments that I had are dispersed inthe
> attached document in red. One question I have to the team is - going
> ahead, should we identify terminology for each of the security concern
> in addition to the verbal description. In the attached document, I
> have used terms from RFC 2828 for the security concerns under section
> 3.1 As far as priorities of the different security concerns, I think
> theaccess control related concerns take a higher priority over
> theintegrity related concerns. At least for private registries,
> integrityrisk is generally not an issue. However access control is
> mostlyrequired. For public registries, a weak access control can beone
> of the fundamental causes compromising the integrity of the
> content. Sorry for the delay in responding.thanks,
> Sanjay Patil
> ---------------------------------------------------------------------------------------------------------
> Total Business Integration (TM)
> Phone: 408 350 9619
> http://www.iona.com
>      -----Original Message-----
>      From: Damodaran, Suresh
>      [mailto:Suresh_Damodaran@stercomm.com]
>      Sent: Monday, August 20, 2001 11:47 AM
>      To: 'regrep-security@lists.oasis-open.org';
>      'dennisc@nii.org.tw'; 'Michael Joya'; 'spatil@iona.com'
>      Subject: RE: ebXML Security subteam - proposal v0.11
>      Importance: High
>      Team,Here is the updated proposal. I hope there is enough
>      basisin this document for us to make decisions on what is
>      absolutely necessaryfor V2. Please be ready to fill in Table
>      2 by next meeting - Thursday 5-6PM Eastern
>      (tentative).Please let me know earlier than Thursday if you
>      think there is not enough info to fill these tables earlier
>      - especially, if you cannot make it to the
>      meeting. Regards,-SureshPS: If you are not already in
>      regrep-security mailing list, please become one.

org:Sun Microsystems;Java Software
adr:;;1 Network Dr. MS BUR02-302;Burlington;MA;01803-0902;USA
fn:Farrukh Najmi

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC