OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-core message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: Interim requirements



Phill,

That link didn't work in NS (not sure if its me or it).

In any case, you also need to add some requirements text
about avoiding replay attacks - for the core stuff I 
guess we just want some "freshness" attribute which can 
handled via MUST/SHOULD/MAY depending on the use case,
protocol & bindings.

(Jumping right ahead to how to meet the requirement:-) I 
think the idea of doing this as an XML-DSIG SignatureProperty
has been raised as a generic solution. 

Stephen.

Philip Hallam-Baker wrote:
> 
> OK time to switch to html folks!
> 
> I have re-edited Nigel's proposal, the purpose of the ESA requirements
> analysis is to make very sharp distinctions between requirements and
> architecture. Essentially anything up to the word 'because' in is by
> definition not a requirement. What comes after 'because' is the requirement.
> 
> I have split Nigels proposals into two and suggested two alternative
> approaches to meeting the protocol efficiency requirement.
> 
> I am also going through the S2ML and AuthXML drafts to reverse engineer
> requirements from the architecture. The idea of ESA requirements analysis is
> that the document that comes out the end is a nice 'waterfall' document that
> proceeds from requirements, constraints, architectural specification to
> arrive at implementation specification.
> 
> In practice however everyone does the process backwards because that is how
> the brain is designed to think (abstracting particulars to ideals) rather
> than reason (ideals to particulars).
> 
>         Phill
> 
>   ----------------------------------------------------------------------------------------------------
>                                      Name: S2ML Requirements analysis.url
>    S2ML Requirements analysis.url    Type: Internet Shortcut (application/x-unknown-content-type-InternetShortcut)
>                                  Encoding: BASE64

-- 
____________________________________________________________
Stephen Farrell         				   
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,                     fax: +353 1 881 7000
Dublin 8.                mailto:stephen.farrell@baltimore.ie
Ireland                             http://www.baltimore.com


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC