OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

soa-rm-ra message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [soa-rm-ra] Thought Experiment on SOA Security and Governance

TS Trust is where we should look for mapping the trust aspects of service
management in the RM to SOA to the RA IMO.  In the case below it would be
authentication via other tokens since only about 5-15% of the population has
the technical skill to acquire and implement such.  Nevertheless, WS-Trust
defines a model for trust management.  You may wish to take a look.  It is
in the OASIS Kavi.

http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-rddl.html

I have also cc'd Marc Goodner of Microsoft who has extensive knowledge of
this specification.  One of our members/observers, Abbie barbir, also works
on this.

I would like to suggest we utilize this model for several reasons.  First -
the model is technically well thought out and is a good match for our needs.
It is also an OASIS managed specification under the WS-SX TC.  It is also
likely that the WS-* stack is the primary implementation technology for
those wishing to implement an architecture written with the SOA RM.
Alignment on all three aspects indicates we need to strongly consider.

My $0.02 CAD worth (now almost on par with $0.02 USD)

Duane


On 10/30/06 7:40 AM, "Michael Stiefel" <development@reliablesoftware.com>
wrote:

> One of my action items was to come with a scenario that we could use to
> think about SOA Governance. Here is one "use case". Try to imagine what it
> would take for the United States to have secure Internet voting in state
> and federal elections.
> 
> Who would offer the "voting service"?
> 
> This would be the extreme case of Federated Identity. Would the state
> federated identity servers be trusted by the federal identity servers? I
> cannot imagine everybody getting an X509 certificate. Would we restrict
> voting to a few days?
> 
> Comments?
> 
> Michael
> 
> 
> 

-- 
******************************************************
Sr. Technical Evangelist - Adobe Systems, Inc.       *
Chair - OASIS SOA Reference Model Technical Committee*
Blog: http://technoracle.blogspot.com                *
******************************************************

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]