OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: S2ML Use Cases Revisited

Mishra [et al],
> You are correct, the draft presumes that the sending site is known in
> advance.

When the "e-relation" is established this is perfectly OK, but I lack support
in S2ML for the entire "e-relationship" process.  I.e. Requesting a partnership,
potentially being Granted a partnership,  *then* Executing the partnership, and
eventually Terminating the partnership as well. 

> The framework in S2ML 0.8a assumes that there is a static trust relationship
> between the actors that  has been somehow configured or agreed upon in advance. It is certainly
> possible to weaken this assumption but it would also be good to have some use-cases to
> support such an extension. 

The use-case is simply scalable e-business with a multitude of partners, where the
relations may be rather short-lived, the interest in performing mutual configurations minimal,
and even trust be relatively limited.  "Normal" business in my opinion.

- Is this really achievable? Yes, it is not even principally hard. Agreeing on details is always hard. 
- Wouldn't this be a major revision? Yes, almost back to square #1.
- Does this have anything to do with challenge-response authentication? Yes, it can't be done without it!

Anders Rundgren

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC