[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Welcome to the security considerations list
Ladies & gents, The list is now up & running. We have about a dozen members for our group: Ken Yagen, Crosslogix Tim Moses, Entrust Carlisle Adams, Entrust Michah Lerner, AT&T Nigel Edwards, Hewlett-Packard Krishna Sankar, Cisco Alan Byrne, Vordel Mike Wray, Hewlett-Packard Hal Lockhart, Entegrity Zahid Ahmed, CommerceOne Jeff Hodges, Oblix Eve Maler, Sun (ex officio) There are two others who have requested to join the group, but I'm unsure if they're eligible (because they're not OASIS members). I've asked Karl Best to look into them, and let me know. In any case, I see the primary role of the group as providing general security review to make sure that the requirements, specifications, etc. from the other groups don't have security architectural problems (e.g., broken crypto protocols). A secondary role is to develop a set of guidelines for implementers about security considerations that aren't part of the specification per se, but are necessary to have a secure implementation (e.g., tokens need to be cryptographically random, which can't be required, but an implementation that doesn't do it would be bad). Other opinions on our charter? I won't write a draft formal charter until we have an informal agreement on what it is we're going to do... I'd like to get through the next general meeting before we consider a meeting (via telecon) of our working group. Thanks in advance for your participation. --Jeremy ----------------------------------------------------------- Jeremy Epstein voice: 703-460-5852 Security Architect FAX: 703-460-5999 webMethods, Inc. cell: 703-989-8907 Fairfax Virginia email: jepstein@webMethods.com -----------------------------------------------------------
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC