Subject: Re: ebXML Security subteam - proposal v0.11
Sanjay,

I feel that integrity of registry content is more important than access control because providing flexible access control to data whose integrity is questionable is less important than guaranteeing that the data may be trusted to be what was put in the registry and know who put it there. In retrospect, Access Control should be rated a B in my response and not a C.

IMO, both integrity and ACL work should be done for minimal V2.0 deliverables.

BTW, I wanted to introduce Sekhar Vajjhala, my colleague at Sun and member of our J2EE security team. Sekhar has volunteered to help us in security sub-team to define those aspects of our proposal that deal with determining signing requirements and how to use XML D-Sig to meet signing requirements. He brings XML D-Sig knowledge and a good security background to the team.

"Patil, Sanjay" wrote:

> Farrukh, I would be interested to know your thinking
> behind putting access control at lower priority compared
> with integrity related Security concerns. Ex. your
> feedback rates items 2a and 2b as of priority C and
> item 1 as priority b.
>
> I tend to think of access control as a high priority concern.
>
> thanks,
> Sanjay Patil
> ----------------------------------------------------------------------------
> IONA
> Total Business Integration (TM)
> Phone: 408 350 9619 http://www.iona.com
>
> -----Original Message-----
> From: Farrukh Najmi [mailto:Farrukh.Najmi@Sun.COM]
> Sent: Thursday, August 23, 2001 4:38 AM
> To: Patil, Sanjay
> Cc: 'Damodaran, Suresh'; 'regrep-security@lists.oasis-open.org';
> 'dennisc@nii.org.tw'; 'Michael Joya'; sekhar vajjhala
> Subject: Re: ebXML Security subteam - proposal v0.11
>
> Oops I forgot my attachment of Suresh's good document with my comments
> in Red.
>
> "Patil, Sanjay" wrote:
>
> > Suresh, good document. A few comments that I had are dispersed in the
> > attached document in red.
> >
> > One question I have to the team is - going ahead, should we identify
> > terminology for each of the security concern in addition to the
> > verbal description. In the attached document, I have used terms from
> > RFC 2828 for the security concerns under section 3.1.
> >
> > As far as priorities of the different security concerns, I think the
> > access control related concerns take a higher priority over the
> > integrity related concerns. At least for private registries,
> > integrity risk is generally not an issue. However access control is
> > mostly required. For public registries, a weak access control can be
> > one of the fundamental causes compromising the integrity of the
> > content.
> >
> > Sorry for the delay in responding.
> >
> > thanks,
> > Sanjay Patil
> > ----------------------------------------------------------------------------
> > IONA
> > Total Business Integration (TM)
> > Phone: 408 350 9619
> > http://www.iona.com
> >
> > -----Original Message-----
> > From: Damodaran, Suresh
> > [mailto:Suresh_Damodaran@stercomm.com]
> > Sent: Monday, August 20, 2001 11:47 AM
> > To: 'regrep-security@lists.oasis-open.org';
> > 'dennisc@nii.org.tw'; 'Michael Joya'; 'spatil@iona.com'
> > Subject: RE: ebXML Security subteam - proposal v0.11
> > Importance: High
> >
> > Team,
> >
> > Here is the updated proposal. I hope there is enough basis in this
> > document for us to make decisions on what is absolutely necessary
> > for V2. Please be ready to fill in Table 2 by next meeting -
> > Thursday 5-6PM Eastern (tentative).
> >
> > Please let me know earlier than Thursday if you think there is not
> > enough info to fill these tables earlier - especially, if you cannot
> > make it to the meeting.
> >
> > Regards,
> > -Suresh
> >
> > PS: If you are not already in regrep-security mailing list, please
> > become one.
>
> --
> Regards,
> Farrukh
>
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>

--
Regards,
Farrukh