OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

soa-rm-ra message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [soa-rm-ra] Security and Joint Action


Unfortunately, I'm back from vacation and trying to catch up on things  
that required more thought than I was willing to expend last week.

Frank, what you are talking about is the classic verification (did I  
build/do what I was told to build/do?) and validation (did what I  
build/do address the initiating problem?).  From a verification  
perspective, I am likely interested in integrity, confidentiality, and  
authentication but I also need authorization and non-repudiation.  The  
validation of "is what is going on what is supposed to be going on?"  
addresses whether someone has solved the problem.

Unless necessary, we should avoid introducing validity and empowerment  
as you speak to them because that is likely to create confusion unless  
we connect with V&V.

Ken

On Aug 12, 2009, at 12:44 PM, Francis McCabe wrote:

> When considering the security of interaction two thoughts seem to be
> important.
>
> Issue number one is: "is what is going on what every expects is going
> on?"
> Issue number two is:
> on?"
>
> Both of these questions go well beyond security. However, in the
> domain of secure interaction, the first is addressed in terms of
> integrity, confidentiality and authentication: i.e., are the players
> who we think they are and do we have the perimeter secured?
>
> The second speaks to authorization: do the players have the
> appropriate authority to be doing what they are doing.
>
> As a matter of interest, the first is sometimes captured in terms of
> the *validity* of an action or actions (including joint actions) and
> the second is captured in terms of the *empowerment* of the actors. We
> may not need to bring the concepts of validity and empowerment into
> the secure interactions diagram; but they should inform us in our
> design of the diagram.
>
> Note: joint actions show up in multiple levels in a given interaction.
> Security also shows up in multiple levels. The concept of message does
> not appear in all those levels -- only some.
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>

-----------------------------------------------------------------------------
Ken Laskey
MITRE Corporation, M/S H305      phone: 703-983-7934
7515 Colshire Drive                         fax:       703-983-1379
McLean VA 22102-7508







[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]