
security-use message



Subject: RE: Use Cases & Requirements, Straw Man 1



I have some comments on the current use case and requirements
document. First, thanks to Evan Prodromou for pulling together the
first cut in a short time.

One of the goals listed is SOAP as a messaging protocol. SOAP was one
of the inputs to the XML Protocol group in W3C. I don't follow that
group, but my understanding is that they are scheduled to have a
candidate recommendation by April 2001. Therefore wouldn't it be
better to have "XML Protocol" instead of SOAP?

One of the non-goals is listed as: "Challenge-response authentication
protocols are outside the scope of [OSSML]." Therefore are all other 
possible classes of authentication protocols in? If we want to
restrict the authentication protocols allowed, then I think it would
be better to list the ones in-scope explicitly.

Scenario 2, first paragraph seems to have text missing. It ends: 
"in order to determine "


In the two "Back office scenarios", I didn't understand the value of
the buyer and seller exchanging "authentication documents". Should it
be "authorization/assertion documents"? I think I might not only need
who I am engaging in a transaction with, but also if they are
authorized to do so. A similar comment applies to the Application
chain.

Finally, I think we have lost some of the valuable aspects of scenario
2 from the S2ML specification. In that scenario two exchanges were
identified, and one of the exchanges (exchange A) was inserting
statements into the documents as they flowed through it.

Regards,
Nigel.

