Subject: RE: Thoughts on Registry Security
thanks,
Sanjay Patil
----------------------------------------------------------------------------------------------------------
IONA
Total Business Integration (TM)
Phone: 408 350 9619
http://www.iona.com

-----Original Message-----
From: Damodaran, Suresh [mailto:Suresh_Damodaran@stercomm.com]
Sent: Monday, August 27, 2001 4:35 PM
To: Damodaran, Suresh; 'regrep-security@lists.oasis-open.org'; 'sekhar.vajjhala@Sun.COM'
Subject: RE: Thoughts on Registry Security

Shall we restrict access control actions (the actions on the objects that need access control on) to the following for V2?

- life cycle operations
- read operation
- update operation

Cheers,
-Suresh

-----Original Message-----
From: Damodaran, Suresh
Sent: Monday, August 27, 2001 11:28 AM
To: 'regrep-security@lists.oasis-open.org'; 'sekhar.vajjhala@Sun.COM'
Subject: Thoughts on Registry Security

Here are some rough thoughts - tell me what you think.

Sanjay and Farrukh, I am much thankful for your earlier comments on the topic.

From a broad perspective, making sure that the registry has contents that are trustworthy is important whether the registry is an embedded application, or is used only by apps within the same firewall, or is accessible to anyone with an internet connection. There are various ingredients that go into this. It appears to me that the same use case, such as accessing a registry, may have different security requirements based on the actor. The distinction on which of the above registry uses to target first essentially boils down to which use case and which actors are relatively more important to us. For example, is a Registry Guest an important actor from the point of view of Registry? Should a Registry Guest publish in the registry? We have not outlined the security needs per use case or actors.

Some broader near term issues:

1. Authorized access to registry content is essential in any case. Aligning with XACML is an issue.
2. Using digital signature for source integrity is important if registry is accessible from anywhere. DS is also useful for message digests for nonrepudiation. Data integrity and confidentiality are more important in the "public registry" case.
3. Securing the dynamic data - only special actors can create these? If so what is the requirement on security?

Regards,
-Suresh