OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-consider message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: Getting the security considerations group going

I agree with Bob.  "Security and Privacy considerations" will save us a lot
of grief later (actually, not much
later really, given that GLB becomes effective in the USA in July, and many
other parts of the world
have legislation already in effect).

--bob

Bob Blakley
Chief Scientist, Security
Tivoli Systems, Inc.


"RL 'Bob' Morgan" <rlmorgan@washington.edu> on 02/17/2001 01:50:06 AM

Please respond to "RL 'Bob' Morgan" <rlmorgan@washington.edu>

To:   OASIS Security Considerations
      <security-consider@lists.oasis-open.org>
cc:
Subject:  Re: Getting the security considerations group going




Here's a possible item for this group.

Discussion in the use-case group has revealed some interest in stating
some requirements regarding privacy, anonymity, pseudonymity and such.  It
was observed that privacy issues, like many security issues, tend to be
related at least as much to how a technology is deployed as to the tech
design per se; hence "privacy considerations", parallel to security
considerations, is likely to be the best venue for saying what needs to be
said about these issues.

So, I propose that the scope of the "security considerations" area be
expanded to "security and privacy considerations".  One view, of course,
is that privacy concerns are a subset of security concerns, but in my view
it's worth it to consider them on their own.

In my opinion the importance of privacy requirements is one of the main
distinguishing characteristics of inter-domain security, which is one of
the main targets of our work.  Just as connecting networks, in practice,
requires firewalls to provide policy-based control of information flow, so
connecting autonomous security infrastructures will require precise
control of the contents of security assertions that pass between domains.
So, we should rise to this challenge.

Thanks,

 - RL "Bob" Morgan
   University of Washington



------------------------------------------------------------------
To unsubscribe from this elist send a message with the single word
"unsubscribe" in the body to:
security-consider-request@lists.oasis-open.org

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC