OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

regrep-security message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: ebXML Security subteam - proposal v0.11


Farrukh, I would be interested to know your thinking
behind putting access control at lower priority compared
with integrity related Security concerns. Ex. your
feedback rates items 2a and 2b as of priority C and
item 1 as priority b.

I tend to think of access control as a high  priority concern.

thanks,
Sanjay Patil
----------------------------------------------------------------------------
------------------------------
IONA
Total Business Integration (TM) 
Phone: 408 350 9619                                 http://www.iona.com


-----Original Message-----
From: Farrukh Najmi [mailto:Farrukh.Najmi@Sun.COM]
Sent: Thursday, August 23, 2001 4:38 AM
To: Patil, Sanjay
Cc: 'Damodaran, Suresh'; 'regrep-security@lists.oasis-open.org';
'dennisc@nii.org.tw'; 'Michael Joya'; sekhar vajjhala
Subject: Re: ebXML Security subteam - proposal v0.11


Oops I forgot my attachment of Suresh's good document with my comments
in Red.

"Patil, Sanjay" wrote:

>   Suresh, good document. A few comments that I had are dispersed inthe
> attached document in red. One question I have to the team is - going
> ahead, should we identify terminology for each of the security concern
> in addition to the verbal description. In the attached document, I
> have used terms from RFC 2828 for the security concerns under section
> 3.1 As far as priorities of the different security concerns, I think
> theaccess control related concerns take a higher priority over
> theintegrity related concerns. At least for private registries,
> integrityrisk is generally not an issue. However access control is
> mostlyrequired. For public registries, a weak access control can beone
> of the fundamental causes compromising the integrity of the
> content. Sorry for the delay in responding.thanks,
> Sanjay Patil
>
>
----------------------------------------------------------------------------
-----------------------------
>
> IONA
> Total Business Integration (TM)
> Phone: 408 350 9619
> http://www.iona.com
>
>      -----Original Message-----
>      From: Damodaran, Suresh
>      [mailto:Suresh_Damodaran@stercomm.com]
>      Sent: Monday, August 20, 2001 11:47 AM
>      To: 'regrep-security@lists.oasis-open.org';
>      'dennisc@nii.org.tw'; 'Michael Joya'; 'spatil@iona.com'
>      Subject: RE: ebXML Security subteam - proposal v0.11
>      Importance: High
>
>      Team,Here is the updated proposal. I hope there is enough
>      basisin this document for us to make decisions on what is
>      absolutely necessaryfor V2. Please be ready to fill in Table
>      2 by next meeting - Thursday 5-6PM Eastern
>      (tentative).Please let me know earlier than Thursday if you
>      think there is not enough info to fill these tables earlier
>      - especially, if you cannot make it to the
>      meeting. Regards,-SureshPS: If you are not already in
>      regrep-security mailing list, please become one.
>
--
Regards,
Farrukh

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC