[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: ebXML Security subteam - proposal v0.11
Farrukh, I would be interested to know your thinking behind putting access control at lower priority compared with integrity related Security concerns. Ex. your feedback rates items 2a and 2b as of priority C and item 1 as priority b. I tend to think of access control as a high priority concern. thanks, Sanjay Patil ---------------------------------------------------------------------------- ------------------------------ IONA Total Business Integration (TM) Phone: 408 350 9619 http://www.iona.com -----Original Message----- From: Farrukh Najmi [mailto:Farrukh.Najmi@Sun.COM] Sent: Thursday, August 23, 2001 4:38 AM To: Patil, Sanjay Cc: 'Damodaran, Suresh'; 'regrep-security@lists.oasis-open.org'; 'dennisc@nii.org.tw'; 'Michael Joya'; sekhar vajjhala Subject: Re: ebXML Security subteam - proposal v0.11 Oops I forgot my attachment of Suresh's good document with my comments in Red. "Patil, Sanjay" wrote: > Suresh, good document. A few comments that I had are dispersed inthe > attached document in red. One question I have to the team is - going > ahead, should we identify terminology for each of the security concern > in addition to the verbal description. In the attached document, I > have used terms from RFC 2828 for the security concerns under section > 3.1 As far as priorities of the different security concerns, I think > theaccess control related concerns take a higher priority over > theintegrity related concerns. At least for private registries, > integrityrisk is generally not an issue. However access control is > mostlyrequired. For public registries, a weak access control can beone > of the fundamental causes compromising the integrity of the > content. Sorry for the delay in responding.thanks, > Sanjay Patil > > ---------------------------------------------------------------------------- ----------------------------- > > IONA > Total Business Integration (TM) > Phone: 408 350 9619 > http://www.iona.com > > -----Original Message----- > From: Damodaran, Suresh > [mailto:Suresh_Damodaran@stercomm.com] > Sent: Monday, August 20, 2001 11:47 AM > To: 'regrep-security@lists.oasis-open.org'; > 'dennisc@nii.org.tw'; 'Michael Joya'; 'spatil@iona.com' > Subject: RE: ebXML Security subteam - proposal v0.11 > Importance: High > > Team,Here is the updated proposal. I hope there is enough > basisin this document for us to make decisions on what is > absolutely necessaryfor V2. Please be ready to fill in Table > 2 by next meeting - Thursday 5-6PM Eastern > (tentative).Please let me know earlier than Thursday if you > think there is not enough info to fill these tables earlier > - especially, if you cannot make it to the > meeting. Regards,-SureshPS: If you are not already in > regrep-security mailing list, please become one. > -- Regards, Farrukh
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC