OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

soa-rm message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [soa-rm] Security (Re: [soa-rm] Definition of "Service Consumer")


Security could be fit into the RM indirectly via "Contract" (or a less 
controversial word, such as "Agreement").  You talking about refusing 
service tweaked this in my brain...

"Service use agreement may mandate security requirements to be met, and 
if they are not, service may be refused."

-matt


Anders W. Tell wrote:

> Hi,
>
> This is getting interesting so Ill just join in
>
> There seem to be good reasons why security or maybe more appropriate 
> security related functions could be part of a (abstract) RM. Functions 
> such as (add,verify)integrity, (add,verify)confidentiality, 
> (add,verify)authentication etc.
>
> If one wants to later relate a RM to economical and legel aspects such 
> as those found in service level agreements then such abstract function 
> seems relevant.
>
> The rigth to refuce service access may be a function of 
> authenticationverification of issuer, sender ,indended receive, 
> addressee.
>
> So Ill think Ken is right that it maybe a good point keeping it on the 
> agenda and removed later if deemed to concrete.
>
> /Anders
>
> Ken Laskey wrote:
>
>> Moreover, the question is whether all SOAs SHOULD have security and 
>> whether that needs to be captured in the RM.  As noted, secuirty is 
>> often just tacked on and that may not be sufficient for *any* SOA to 
>> be successful.
>>
>> Ken
>>
>> At 02:27 PM 4/11/2005, Duane Nickull wrote:
>>
>>> The RM does not support security models.  A reference model is used 
>>> to guide the design of architecture that may include specific 
>>> security protocols or models. Our requirement must be to ensure that 
>>> nothing we place in the RM makes any specific security model a 
>>> requirement (since not all SOA's have security) and to ensure that 
>>> we do not preclude a specific type of security model from being used.
>>> Duane
>>>
>>> Vikas Deolaliker wrote:
>>>
>>>> I think the question should be how many different types of security 
>>>> models
>>>> will this RM support?
>>>> Vikas
>>>>
>>>> -- 
>>>
>>>
>>> -- 
>>>
>>> ***********
>>> Senior Standards Strategist - Adobe Systems, Inc. - 
>>> http://www.adobe.com
>>> Vice Chair - UN/CEFACT Bureau Plenary - http://www.unece.org/cefact/
>>> Adobe Enterprise Developer Resources  - 
>>> http://www.adobe.com/enterprise/developer/main.html
>>> ***********
>>>
>>
>> -- 
>>      
>> --------------------------------------------------------------------------------- 
>>
>>   /   Ken 
>> Laskey                                                                \
>>  |    MITRE Corporation, M/S H305    phone:  703-883-7934   |
>>  |    7515 Colshire Drive                    fax:      703-883-1379   |
>>   \   McLean VA 
>> 22102-7508                                              /
>>     
>> ---------------------------------------------------------------------------------- 
>>
>>
>>
>>
>
>



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]