[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: Getting the security considerations group going
Makes sense to me, too. Please mention this in the subgroup report today. Eve At 03:48 PM 2/19/01 -0600, George_Robert_Blakley_III@tivoli.com wrote: >I agree with Bob. "Security and Privacy considerations" will save us a lot >of grief later (actually, not much >later really, given that GLB becomes effective in the USA in July, and many >other parts of the world >have legislation already in effect). > >--bob > >Bob Blakley >Chief Scientist, Security >Tivoli Systems, Inc. > > >"RL 'Bob' Morgan" <rlmorgan@washington.edu> on 02/17/2001 01:50:06 AM > >Please respond to "RL 'Bob' Morgan" <rlmorgan@washington.edu> > >To: OASIS Security Considerations > <security-consider@lists.oasis-open.org> >cc: >Subject: Re: Getting the security considerations group going > > > > >Here's a possible item for this group. > >Discussion in the use-case group has revealed some interest in stating >some requirements regarding privacy, anonymity, pseudonymity and such. It >was observed that privacy issues, like many security issues, tend to be >related at least as much to how a technology is deployed as to the tech >design per se; hence "privacy considerations", parallel to security >considerations, is likely to be the best venue for saying what needs to be >said about these issues. > >So, I propose that the scope of the "security considerations" area be >expanded to "security and privacy considerations". One view, of course, >is that privacy concerns are a subset of security concerns, but in my view >it's worth it to consider them on their own. > >In my opinion the importance of privacy requirements is one of the main >distinguishing characteristics of inter-domain security, which is one of >the main targets of our work. Just as connecting networks, in practice, >requires firewalls to provide policy-based control of information flow, so >connecting autonomous security infrastructures will require precise >control of the contents of security assertions that pass between domains. >So, we should rise to this challenge. > >Thanks, > > - RL "Bob" Morgan > University of Washington > > > >------------------------------------------------------------------ >To unsubscribe from this elist send a message with the single word >"unsubscribe" in the body to: >security-consider-request@lists.oasis-open.org > > > >------------------------------------------------------------------ >To unsubscribe from this elist send a message with the single word >"unsubscribe" in the body to: security-consider-request@lists.oasis-open.org -- Eve Maler +1 781 442 3190 Sun Microsystems XML Technology Center eve.maler @ east.sun.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC