[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [soa-rm] Security (Re: [soa-rm] Definition of "Service Consumer")
Would this inference be accurate: A security policy, in addition to other service policies, is part of a service contract. A security policy is a declaration of a set of requirements that must be met in order to consume a service. A declaration that indicates no requirements must be met is still conceptually considered a security policy. Duane Francis McCabe wrote: > This is how I see it also. The contract represents the syntactic, > semantic and pragmatic constraints on the use of a service. That > covers security, and I hope QoS management, etc. > Frank > > On Apr 12, 2005, at 8:08 AM, Matthew MacKenzie wrote: > >> Security could be fit into the RM indirectly via "Contract" (or a >> less controversial word, such as "Agreement"). You talking about >> refusing service tweaked this in my brain... >> >> "Service use agreement may mandate security requirements to be met, >> and if they are not, service may be refused." >> >> -matt >> >> >> Anders W. Tell wrote: >> >>> Hi, >>> >>> This is getting interesting so Ill just join in >>> >>> There seem to be good reasons why security or maybe more >>> appropriate security related functions could be part of a >>> (abstract) RM. Functions such as (add,verify)integrity, >>> (add,verify)confidentiality, (add,verify)authentication etc. >>> >>> If one wants to later relate a RM to economical and legel aspects >>> such as those found in service level agreements then such abstract >>> function seems relevant. >>> >>> The rigth to refuce service access may be a function of >>> authenticationverification of issuer, sender ,indended receive, >>> addressee. >>> >>> So Ill think Ken is right that it maybe a good point keeping it on >>> the agenda and removed later if deemed to concrete. >>> >>> /Anders >>> >>> Ken Laskey wrote: >>> >>>> Moreover, the question is whether all SOAs SHOULD have security >>>> and whether that needs to be captured in the RM. As noted, >>>> secuirty is often just tacked on and that may not be sufficient >>>> for *any* SOA to be successful. >>>> >>>> Ken >>>> >>>> At 02:27 PM 4/11/2005, Duane Nickull wrote: >>>> >>>>> The RM does not support security models. A reference model is >>>>> used to guide the design of architecture that may include >>>>> specific security protocols or models. Our requirement must be to >>>>> ensure that nothing we place in the RM makes any specific >>>>> security model a requirement (since not all SOA's have security) >>>>> and to ensure that we do not preclude a specific type of security >>>>> model from being used. >>>>> Duane >>>>> >>>>> Vikas Deolaliker wrote: >>>>> >>>>>> I think the question should be how many different types of >>>>>> security models >>>>>> will this RM support? >>>>>> Vikas >>>>>> >>>>>> -- >>>>> >>>>> >>>>> >>>>> -- >>>>> *********** >>>>> Senior Standards Strategist - Adobe Systems, Inc. - >>>>> http://www.adobe.com >>>>> Vice Chair - UN/CEFACT Bureau Plenary - http://www.unece.org/cefact/ >>>>> Adobe Enterprise Developer Resources - >>>>> http://www.adobe.com/enterprise/developer/main.html >>>>> *********** >>>>> >>>> >>>> -- >>>> --------------------------------------------------------------------- >>>> ------------ >>>> / Ken >>>> Laskey >>>> \ >>>> | MITRE Corporation, M/S H305 phone: 703-883-7934 | >>>> | 7515 Colshire Drive fax: >>>> 703-883-1379 | >>>> \ McLean VA >>>> 22102-7508 / >>>> >>>> --------------------------------------------------------------------- >>>> ------------- >>>> >>>> >>>> >>> >>> >> > -- *********** Senior Standards Strategist - Adobe Systems, Inc. - http://www.adobe.com Vice Chair - UN/CEFACT Bureau Plenary - http://www.unece.org/cefact/ Adobe Enterprise Developer Resources - http://www.adobe.com/enterprise/developer/main.html ***********
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]