OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-consider message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: Welcome to the security considerations list

> In any case, I see the primary role of the group as providing general
> security review to make sure that the requirements, 
> specifications, etc.
> from the other groups don't have security architectural 
> problems (e.g.,
> broken crypto protocols).  A secondary role is to develop a set of
> guidelines for implementers about security considerations 
> that aren't part
> of the specification per se, but are necessary to have a secure
> implementation (e.g., tokens need to be cryptographically 
> random, which
> can't be required, but an implementation that doesn't do it 
> would be bad).
Hi Jeremy,
What is your view on the relationship of the security considerations
group to the requirements group? I had been assuming the requirements
group would focus on application scenarios and that the security
consideration group might discuss and make recommendations on 
specific security requirements.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC