OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

soa-rm-ra message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Since Conformance to be added - a couple notes

Taking advantage of the fact that the Draft still needs some content to be added (for Conformance), please, allow me to toint to 2 more places fo additional changes, I believe, the Draft would benefit from. In particular,

5.2.7  Architectural Implications of SOA Security
This section talks about The mechanisms that make-up the execution context in secure SOA-based message exchanges should:. My point is that it is not enough for SOA Security.

We have talked already that execution context may be applied (according to SOA RM) as to the message exchange as to the service execution (service body) itself. From the service consumer perspective, security of the message exchange is equally important to the security of the service execution.

For example, the major fault in HTTPS is that the message becomes naked (unprotected) the next moment it reaches the destination - Web Server. Now, it is the Web Server and the rest of the receivers system have to preserve message integrity, confidentiality, etc.

I would like to propose very simple change in the text: replace words message exchanges by the word systems and leave the list of security measures as is. Thus, the phrase would sound like:  The mechanisms that make-up the execution context in secure SOA-based systems should:

5.3.3	Management Infrastructure
This section misses registries/repositories for Service Descriptors, Service Contracts, service development and run-time policies.

I propose to add one bullet-point into the list saying something like:
	Development and Run-time Repositories for
o	Service Descriptors 
o	Service Contracts
o	Policies

In many cases, such repositories will be the only instruments available to the Architects for service maintenance and management.

- Michael Poulin

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]