OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] proposed definition: "security context"

As I read this text, it seems to say (loosely paraphrasing) that a message's
security context is the combination of two things: (a) certain contents of
that message, and (b) a set of underlying mechanisms that protect that
message.  These are important, but I believe there's also an important (c):
state information derived and held by the peers that communicate the
message, such as keys used for message validation, which won't appear in the
message itself.  Absent this (c), one could conclude that two entities that
receive a message and process it using the same protocols would necessarily
be interpreting it in conjunction with the same security context (and,
hence, drawing the same conclusions about it), which isn't the result I'd


-----Original Message-----
From: Jeff Hodges [mailto:Jeff.Hodges@Sun.COM]
Sent: Wednesday, July 28, 2004 7:39 PM
To: oasis sstc
Subject: [security-services] proposed definition: "security context"

security context

   With respect to an individual SAML protocol message, the security context
the semantic union of the message's security header blocks (if any) along
other security mechanisms that may be employed in the message's delivery to
recipient. With respect to the latter, an example is security mechanisms 
employed at lower network stack layers such as HTTP, TLS/SSL, IPSEC, etc.

   With respect to a system entity, "Alice", interacting with another system

entity, "Bob", a security context is nominally the semantic union of all 
employed security mechanisms across all network connections between Alice
Bob. Alice and Bob may each individually be, for example, a provider or a
agent. This notion of security context is essentially the same as the notion
"security contexts" as employed in the Distributed Computing Environment
for example.


To unsubscribe from this mailing list (and be removed from the roster of the
OASIS TC), go to

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]