[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: Comments on ISSUE:[UC-13-05:SecurityPolicy]
I share Irving's uncertainty about the intention of this requirement, and will therefore not vote for it. Unless Bob would like to suggest a clarification to the ballot? If it was clearer that it meant Irving's first definition (below), I'd vote for it. Regards, Darren > -----Original Message----- > From: Irving Reid [mailto:Irving.Reid@baltimore.com] > Sent: Tuesday, April 03, 2001 4:47 PM > To: 'security-use@lists.oasis-open.org'; 'RL 'Bob' Morgan'; 'Darren > Platt' > Subject: Comments on ISSUE:[UC-13-05:SecurityPolicy] > > > The candidate text reads: > ---------------------------------------------------------------------- > ISSUE:[UC-13-05:SecurityPolicy] Bob Morgan proposed a business-level > requirement as follows: > > [CR-13-05-SecurityPolicy] Security measures in SAML should > support common institutional security policies regarding > assurance of identity, confidentiality, and integrity. > > Potential Resolutions: > > 1. Add this requirement to the use case and requirements document. > 2. Leave this requirement out of use case and requirements document. > ----------------------------------------------------------------------- > > > I'm not quite sure what this requirement means. I can read it two ways: > > 1) SAML should have ways of encrypting, protecting integrity, > authenticating, etc. > > In this case, I think we already have (or are discussing) the necessary > requirements. > > 2) SAML should have a way of expressing an institutional policy and then > automatically enforcing that policy through the mechanisms > described in 1). > > This is a much bigger issue, and one that I'd definitely like to place out > of scope. > > > Have I missed the point on this one, or do others also find it unclear? > > - irving - >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC