[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [soa-rm] Security (Re: [soa-rm] Definition of "Service Consumer")
Duane Nickull wrote: > A security policy, in addition to other service policies, is part of a > service contract. Resonable. > A security policy is a declaration of a set of requirements that must > be met in order to consume a service. I think it may be benificial if the set of requirements always are constructed so that they are bound to only one party so a "functional security policy"" should divided into at least two parts: 1. requirements or terms and conditions related to Requestor (sort or reqired interface) 2. terms and condition related to provided service If one want to ties a SOA to responsibilities, risk etc then rules and regulations must be defined in a way that the perfomer and beneficiary are identified. > A declaration that indicates no requirements must be met is still > conceptually considered a security policy. yep. BTW: A term (and document) I used in a nordic project was Functional and Technical Policy. This document is aimed att "functional" specialist without detailed technical (apllied technology) knowledge and containes functional "requirements" that are mapped into technolgy by a technologial profile. /anders
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]