[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [soa-rm-ra] Security and Joint Action
Unfortunately, I'm back from vacation and trying to catch up on things that required more thought than I was willing to expend last week. Frank, what you are talking about is the classic verification (did I build/do what I was told to build/do?) and validation (did what I build/do address the initiating problem?). From a verification perspective, I am likely interested in integrity, confidentiality, and authentication but I also need authorization and non-repudiation. The validation of "is what is going on what is supposed to be going on?" addresses whether someone has solved the problem. Unless necessary, we should avoid introducing validity and empowerment as you speak to them because that is likely to create confusion unless we connect with V&V. Ken On Aug 12, 2009, at 12:44 PM, Francis McCabe wrote: > When considering the security of interaction two thoughts seem to be > important. > > Issue number one is: "is what is going on what every expects is going > on?" > Issue number two is: > on?" > > Both of these questions go well beyond security. However, in the > domain of secure interaction, the first is addressed in terms of > integrity, confidentiality and authentication: i.e., are the players > who we think they are and do we have the perimeter secured? > > The second speaks to authorization: do the players have the > appropriate authority to be doing what they are doing. > > As a matter of interest, the first is sometimes captured in terms of > the *validity* of an action or actions (including joint actions) and > the second is captured in terms of the *empowerment* of the actors. We > may not need to bring the concepts of validity and empowerment into > the secure interactions diagram; but they should inform us in our > design of the diagram. > > Note: joint actions show up in multiple levels in a given interaction. > Security also shows up in multiple levels. The concept of message does > not appear in all those levels -- only some. > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. Follow this link to all your TCs in OASIS at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php > ----------------------------------------------------------------------------- Ken Laskey MITRE Corporation, M/S H305 phone: 703-983-7934 7515 Colshire Drive fax: 703-983-1379 McLean VA 22102-7508
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]