Re: Getting the security considerations group going

["Eve L. Maler" <eve.maler@east.sun.com>]

Makes sense to me, too.  Please mention this in the subgroup report today.

         Eve

At 03:48 PM 2/19/01 -0600, George_Robert_Blakley_III@tivoli.com wrote:
>I agree with Bob.  "Security and Privacy considerations" will save us a lot
>of grief later (actually, not much
>later really, given that GLB becomes effective in the USA in July, and many
>other parts of the world
>have legislation already in effect).
>
>--bob
>
>Bob Blakley
>Chief Scientist, Security
>Tivoli Systems, Inc.
>
>
>"RL 'Bob' Morgan" <rlmorgan@washington.edu> on 02/17/2001 01:50:06 AM
>
>Please respond to "RL 'Bob' Morgan" <rlmorgan@washington.edu>
>
>To:   OASIS Security Considerations
>       <security-consider@lists.oasis-open.org>
>cc:
>Subject:  Re: Getting the security considerations group going
>
>
>
>
>Here's a possible item for this group.
>
>Discussion in the use-case group has revealed some interest in stating
>some requirements regarding privacy, anonymity, pseudonymity and such.  It
>was observed that privacy issues, like many security issues, tend to be
>related at least as much to how a technology is deployed as to the tech
>design per se; hence "privacy considerations", parallel to security
>considerations, is likely to be the best venue for saying what needs to be
>said about these issues.
>
>So, I propose that the scope of the "security considerations" area be
>expanded to "security and privacy considerations".  One view, of course,
>is that privacy concerns are a subset of security concerns, but in my view
>it's worth it to consider them on their own.
>
>In my opinion the importance of privacy requirements is one of the main
>distinguishing characteristics of inter-domain security, which is one of
>the main targets of our work.  Just as connecting networks, in practice,
>requires firewalls to provide policy-based control of information flow, so
>connecting autonomous security infrastructures will require precise
>control of the contents of security assertions that pass between domains.
>So, we should rise to this challenge.
>
>Thanks,
>
>  - RL "Bob" Morgan
>    University of Washington
>
>
>
>------------------------------------------------------------------
>To unsubscribe from this elist send a message with the single word
>"unsubscribe" in the body to:
>security-consider-request@lists.oasis-open.org
>
>
>
>------------------------------------------------------------------
>To unsubscribe from this elist send a message with the single word
>"unsubscribe" in the body to: security-consider-request@lists.oasis-open.org

--
Eve Maler                                          +1 781 442 3190
Sun Microsystems XML Technology Center    eve.maler @ east.sun.com