OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

regrep-security message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: ebXML Security subteam - proposal v0.11

Title: RE: ebXML Security subteam
Great comments! I liked your RFC 2828 idea. I propose we use that terminology wherever possible.
I will update the doc accordingly.
On the priority issue, I hear your point, and I think if we talk about it, we can get to a clear understanding.
The way I think, integrity is a requirement, whereas access control is a technology.
maintaining integrity we could be using access control (by restricting write access, for example).
I will send more comments later.
-----Original Message-----
From: Patil, Sanjay [mailto:SPatil@iona.com]
Sent: Wednesday, August 22, 2001 8:01 PM
To: Damodaran, Suresh; 'regrep-security@lists.oasis-open.org'; 'dennisc@nii.org.tw'; 'Michael Joya'; Patil, Sanjay
Subject: RE: ebXML Security subteam - proposal v0.11

Suresh, good document. A few comments that I had are dispersed in
the attached document in red.
One question I have to the team is - going ahead, should we identify terminology
for each of the security concern in addition to the verbal description. In the attached
document, I have used terms from RFC 2828 for the security concerns under section 3.1
As far as priorities of the different security concerns, I think the
access control related concerns take a higher priority over the
integrity related concerns. At least for private registries, integrity
risk is generally not an issue. However access control is mostly
required. For public registries, a weak access control can be
one of the fundamental causes compromising the integrity of the content.
Sorry for the delay in responding.

Sanjay Patil
Total Business Integration (TM)
Phone: 408 350 9619                                 http://www.iona.com

-----Original Message-----
From: Damodaran, Suresh [mailto:Suresh_Damodaran@stercomm.com]
Sent: Monday, August 20, 2001 11:47 AM
To: 'regrep-security@lists.oasis-open.org'; 'dennisc@nii.org.tw'; 'Michael Joya'; 'spatil@iona.com'
Subject: RE: ebXML Security subteam - proposal v0.11
Importance: High

Here is the updated proposal. I hope there is enough basis
in this document for us to make decisions on what is absolutely necessary
for V2. Please be ready to fill in Table 2 by next meeting - Thursday 5-6PM Eastern (tentative).
Please let me know earlier than Thursday if you think there is not enough info to fill
 these tables earlier - especially, if you cannot make it to the meeting.
PS: If you are not already in regrep-security mailing list, please become one.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC