[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: example security considerations - ebXML
I understand that some folks are wondering whether the "security & privacy considerations" subgroup really has anything to do in the SSTC context. I offer the following as a couple of imho good examples of the sort of work this subgroup should try to produce for SAML.. [1] ebXML Technical Architecture Risk Assessment, v0.3.5 [attached] [2] Message Service Specification - ebXML Transport, Routing & Packaging, v0.98b [See section 12 "Security"] http://www.ebxml.org/specdrafts/ebXML_Message_Service_Specification_v0.98b.pdf ..they were produced by a analogous subgroup within the ebXML group. I think the level of detail in Section 12 of [2] is the sort of stuff that we'll need in the SAML spec. Note the table of profiles at the end of Section 12. We also should think about whether we'll need a doc analogous to [1]. Note SAML's appearance in Risk Table in Section 6 of [2]. food for thought in any case. JeffH
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC