OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-consider message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: example security considerations - ebXML

I understand that some folks are wondering whether the "security & privacy
considerations" subgroup really has anything to do in the SSTC context. I offer
the following as a couple of imho good examples of the sort of work this
subgroup should try to produce for SAML..

[1] ebXML Technical Architecture Risk Assessment, v0.3.5

[2] Message Service Specification - ebXML Transport, Routing & Packaging,
    v0.98b [See section 12 "Security"]

..they were produced by a analogous subgroup within the ebXML group. 

I think the level of detail in Section 12 of [2] is the sort of stuff that
we'll need in the SAML spec. Note the table of profiles at the end of Section
12. We also should think about whether we'll need a doc analogous to [1]. Note
SAML's appearance in Risk Table in Section 6 of [2]. 

food for thought in any case.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC