[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [soa-rm] Security (Re: [soa-rm] Definition of "Service Consumer")
<Quote>
"Service use agreement may mandate security requirements to be
met, and
if they are not, service may be refused."
</Quote>
IMHO, contract does not imply security (or vice-versa). Asking someone who is architecting a SOA using our RM to make this mind leap without including the notion of security more directly into the RM may result in difficulties in leveraging the RM.
My $0.02 :)
Joe
Security could be fit into the RM indirectly via "Contract" (or
a less
controversial word, such as "Agreement"). You talking about
refusing
service tweaked this in my brain...
"Service use agreement
may mandate security requirements to be met, and
if they are not, service may
be refused."
-matt
Anders W. Tell wrote:
>
Hi,
>
> This is getting interesting so Ill just join
in
>
> There seem to be good reasons why security or maybe more
appropriate
> security related functions could be part of a (abstract) RM.
Functions
> such as (add,verify)integrity,
(add,verify)confidentiality,
> (add,verify)authentication
etc.
>
> If one wants to later relate a RM to economical and legel
aspects such
> as those found in service level agreements then such
abstract function
> seems relevant.
>
> The rigth to refuce
service access may be a function of
> authenticationverification of
issuer, sender ,indended receive,
> addressee.
>
> So Ill
think Ken is right that it maybe a good point keeping it on the
> agenda
and removed later if deemed to concrete.
>
> /Anders
>
>
Ken Laskey wrote:
>
>> Moreover, the question is whether all SOAs
SHOULD have security and
>> whether that needs to be captured in the
RM. As noted, secuirty is
>> often just tacked on and that may
not be sufficient for *any* SOA to
>> be
successful.
>>
>> Ken
>>
>> At 02:27 PM
4/11/2005, Duane Nickull wrote:
>>
>>> The RM does not
support security models. A reference model is used
>>> to
guide the design of architecture that may include specific
>>>
security protocols or models. Our requirement must be to ensure
that
>>> nothing we place in the RM makes any specific security
model a
>>> requirement (since not all SOA's have security) and to
ensure that
>>> we do not preclude a specific type of security model
from being used.
>>> Duane
>>>
>>> Vikas
Deolaliker wrote:
>>>
>>>> I think the question
should be how many different types of security
>>>>
models
>>>> will this RM support?
>>>>
Vikas
>>>>
>>>>
--
>>>
>>>
>>>
--
>>>
>>> ***********
>>> Senior Standards
Strategist - Adobe Systems, Inc. -
>>> http://www.adobe.com
>>> Vice Chair
- UN/CEFACT Bureau Plenary - http://www.unece.org/cefact/
>>>
Adobe Enterprise Developer Resources -
>>> http://www.adobe.com/enterprise/developer/main.html
>>>
***********
>>>
>>
>>
--
>>
>>
---------------------------------------------------------------------------------
>>
>>
/ Ken
>>
Laskey
\
>> | MITRE Corporation, M/S
H305 phone: 703-883-7934 |
>>
| 7515 Colshire
Drive
fax: 703-883-1379
|
>> \ McLean VA
>>
22102-7508
/
>>
>>
----------------------------------------------------------------------------------
>>
>>
>>
>>
>
>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]