OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [security-services] FW: SOAP Confidentiality and Integrity: NextStep?

Does the submission of the WS-Security specs to OASIS (and the meeting
announced by Phill) mean that there will *not* be a "web services
security" activity chartered within the W3C?

 - RL "Bob"


> -----Original Message-----
> From: Joseph Reagle [mailto:reagle@w3.org]
> Sent: Tuesday, June 18, 2002 1:24 PM
> To: www-ws-arch@w3.org
> Cc: xml-encryption@w3.org; 3.org@w3.org; www-xkms@w3.org
> Subject: SOAP Confidentiality and Integrity: Next Step?
> This email is a final step in a thread in how to start work on providing
> confidentiality and integrity for SOAP messages. I've discused a range of
> security issues [1] with a conclusion that this topic (soap+xmldsig+xenc)
> is most pressing; however, I was not able to find agreement that this issue
> should be shoe-horned into an existing WG, instead it should be part of the
> Web Services security. [2]
> Though I'm relatively ignorant of the ws-arch discussions, I've heard the
> ws-arch WG is considering this issue and will try to have charters
> available for work in July [3], but that the immediate issue might also be
> delayed be consideration of the bigger issues. Consequently, I'd recommend
> that a charter for work in the WS Activity be specified with a scope no
> larger than [4] -- and potentially more narrow (e.g., without tokens). A
> "web services security" community does not yet exist (or it does, but it's
> fragmented) and starting work on this immediately not only commences with
> the work, but helps build a community which then can contribute to the
> larger discussion. For instance, because standardized security components
> do not yet exist, specifications such as XKMS [5] may end up specifying
> "one-off" versions in the short term. However, these could be contributed
> to the WS work. We all know somebody who knows somebody who is in the other
> WG, but sometimes that isn't quite enough. <smile/>
> In conclusion, I advocate a charter with specific and immediate terms, and
> an active recruitment of participants. Please let me know if and how events
> are likely to be otherwise. Thanks!
> [1] http://lists.w3.org/Archives/Member/w3c-ac-forum/2002AprJun/0022.html
> [2] http://lists.w3.org/Archives/Public/www-xenc-xmlp-tf/2002Jun/0002.html
> [3] http://www.w3.org/2002/05/28-ws-cg-irc.txt
> [4]
> http://www-106.ibm.com/developerworks/security/library/ws-secure/?dwzone=sec
> urity
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobspec/
> html/ws-security.asp
> [5] http://lists.w3.org/Archives/Public/www-xkms/2002Jun/0016.html
> --
> Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
> W3C Policy Analyst                mailto:reagle@w3.org
> IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
> W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC