Subject: RE: IDMEF/IODEF
At the risk of putting words in Bob's mouth, I believe he was making a distinction between securely transporting arbitrary XML-encoded objects over various protocols (which we are not doing) and conveying security-related information in XML and transporting it over various protocols (which we are).

A signed purchase order in XML would be an example of the former. An XML document identifying an individual as an authorized purchasing agent would be an example of the latter.

Hal

> -----Original Message-----
> From: Mishra, Prateek [mailto:pmishra@netegrity.com]
> Sent: Monday, January 22, 2001 12:12 PM
> To: 'RL 'Bob' Morgan'; Eve L. Maler
> Cc: security-services@lists.oasis-open.org
> Subject: RE: IDMEF/IODEF
>
> Bob,
>
> One of the goals of the S2ML spec. was to provide
> a number of bindings for interactions based
> on a number of standard protocols. This has been
> called out in Section 6, Bindings to Messaging and
> Transport Protocols.
>
> Clearly, the breadth of this section needs to be
> scoped with some care (How many protocols?) and
> the Use-Cases and Requirements work should provide
> additional guidance in this direction.
>
> I am puzzled tho' by your thought that this might
> be completely out of scope for this group.
> Consider HTTP, for example. How should S2ML assertions
> be embedded within HTTP flows? What about consideration
> of the case when the client is limited to a browser?
> Without this information, I don't see how inter-operability
> between "security zones" is supported by S2ML or any
> successor specification.
>
> - prateek
>
> > Obviously there are a substantial number of standardization efforts going
> > on in more or less the same space as ours, namely XML-formatted data
> > objects transferred via any of several transports (HTTP, SMTP, BEEP, etc).
> > One might observe that each of these is approaching security in its own
> > way (or not at all) and conclude that it would be a useful goal of our
> > work to provide XML-based security services for the generic XML-over-foo
> > protocol. I expect, though, that participants in this TC would agree that
> > that is *not* what we're trying to do. Yes? If so we might want to state
> > this as an explicit non-goal in our charter (and no I don't have precise
> > wording at the moment) since I suspect this could be a likely point of
> > confusion, especially given the name of the group.
> >
> > - RL "Bob"