OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

regrep-security message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: Thoughts on Registry Security

Title: RE: ebXML Security subteam
Shall we restrict access control actions ( The actions on the objects that need access control on)
to the following for V2?
    - life cycle operations
   - read operation
   - update operation
-----Original Message-----
From: Damodaran, Suresh
Sent: Monday, August 27, 2001 11:28 AM
To: 'regrep-security@lists.oasis-open.org'; 'sekhar.vajjhala@Sun.COM'
Subject: Thoughts on Registry Security

Here are some rough thoughts - tell me what you think.
Sanjay and Farrukh, I am much thankful for your earlier comments
on the topic.
From a broad perspective, making sure that the registry has
contents that are trustworthy is important whether the registry
is an embedded application, or is used only by apps within the same firewall,
or is accessible to anyone with an internet connection. There are various
ingredients that go into this. It appears to me that the same use case,
such as accessing a registry may have different security requirements
based on the actor. The distinction on which of the above registry uses
to target first, essentially boils down to which use case and which actors
are relatively more important to us. For example, is a Registry Guest
an important actor from the point of view of Registry? Should a Registry Guest
publish in the registry? We have not outlined the security needs per use case or actors
Some broader near term issues:
1. Authorized access to registry content is essential in any case. Aligning with XACML is an
2. Using digital signature for source integrity is important if registry is accessible
from anywhere. DS is also useful for message digests for nonrepudiation. Data integrity
and confidentiality are more important in the "public registry" case.
3. Securing the dynamic data - only special actors can create these? If so what is the requirement
on security?

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC