[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [soa-rm] Definition of "Service Consumer"
Let's leave this as an open issue, if we may. Except for a very simple, very closed system, I cannot imagine a viable SOA in a real environment without security. I am willing to be educated about situations where security can legitimately be skipped, but I don't think it can be left out of a useful RM. Ken On Apr 11, 2005, at 3:32 PM, Matthew MacKenzie wrote: > I don't believe that all SOAs do or will have security. I think we > should simply not mention it. This is, after all, an abstract > reference model. We can produce the warmNfuzzy that having a security > component adds in our own SOA designs that are identifiable with the > SOA-RM. > > -matt > > On 11-Apr-05, at 12:28 PM, Duane Nickull wrote: > >> Ken: >> >> I am not 100% sure about this. I would like to research this on a >> more philosophical basis. Not all SOA's use explicit security >> protocols (the internet doesn't). The fundamental philosophical >> question may be " does the explicit statement conveying the absence >> of any security still imply a security model"? >> >> The danger in saying "yes" is that it opens the door for more >> "things" to be part of the RM. >> >> I would like to mull this over and do some research. I am sure Matt >> has a good answer ;-) >> >> Duane >> >> Ken Laskey wrote: >> >>> Moreover, the question is whether all SOAs SHOULD have security and >>> whether that needs to be captured in the RM. As noted, secuirty is >>> often just tacked on and that may not be sufficient for *any* SOA to >>> be successful. >>> >>> Ken >>> >>> At 02:27 PM 4/11/2005, Duane Nickull wrote: >>> >>>> The RM does not support security models. A reference model is used >>>> to guide the design of architecture that may include specific >>>> security protocols or models. Our requirement must be to ensure >>>> that nothing we place in the RM makes any specific security model a >>>> requirement (since not all SOA's have security) and to ensure that >>>> we do not preclude a specific type of security model from being >>>> used. >>>> Duane >>>> >>>> Vikas Deolaliker wrote: >>>> >>>>> I think the question should be how many different types of >>>>> security models >>>>> will this RM support? >>>>> Vikas >>>>> >>>>> -- >>>> >>>> -- >>>> *********** >>>> Senior Standards Strategist - Adobe Systems, Inc. - >>>> http://www.adobe.com >>>> Vice Chair - UN/CEFACT Bureau Plenary - http://www.unece.org/cefact/ >>>> Adobe Enterprise Developer Resources - >>>> http://www.adobe.com/enterprise/developer/main.html >>>> *********** >>>> >>> >>> -- >>> --------------------------------------------------------------------- >>> ------------ >>> / Ken Laskey >>> \ >>> | MITRE Corporation, M/S H305 phone: 703-883-7934 | >>> | 7515 Colshire Drive fax: 703-883-1379 >>> | >>> \ McLean VA 22102-7508 >>> / >>> >>> --------------------------------------------------------------------- >>> ------------- >>> >>> >> >> -- >> *********** >> Senior Standards Strategist - Adobe Systems, Inc. - >> http://www.adobe.com >> Vice Chair - UN/CEFACT Bureau Plenary - http://www.unece.org/cefact/ >> Adobe Enterprise Developer Resources - >> http://www.adobe.com/enterprise/developer/main.html >> *********** >> > > ------------------------------------------------------------------------ ------------------ Ken Laskey MITRE Corporation, M/S H305 phone: 703-883-7934 7515 Colshire Drive fax: 703-883-1379 McLean VA 22102-7508
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]