[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: example security considerations - ebXML
I understand that some folks are wondering whether the "security & privacy
considerations" subgroup really has anything to do in the SSTC context. I offer
the following as a couple of imho good examples of the sort of work this
subgroup should try to produce for SAML..
[1] ebXML Technical Architecture Risk Assessment, v0.3.5
[attached]
[2] Message Service Specification - ebXML Transport, Routing & Packaging,
v0.98b [See section 12 "Security"]
http://www.ebxml.org/specdrafts/ebXML_Message_Service_Specification_v0.98b.pdf
..they were produced by a analogous subgroup within the ebXML group.
I think the level of detail in Section 12 of [2] is the sort of stuff that
we'll need in the SAML spec. Note the table of profiles at the end of Section
12. We also should think about whether we'll need a doc analogous to [1]. Note
SAML's appearance in Risk Table in Section 6 of [2].
food for thought in any case.
JeffH
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC