OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

soa-rm message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [soa-rm] Security (Re: [soa-rm] Definition of "Service Consumer")

Duane Nickull wrote:

> A security policy, in addition to other service policies, is part of a 
> service contract.  


> A security policy is a declaration of a set of requirements that must 
> be met in order to consume a service.  

I think it may be benificial if the set of requirements always are 
constructed so that they are bound to only one party so a "functional 
security policy"" should divided into at least two parts:
1. requirements or terms and conditions related to Requestor (sort or 
reqired interface)
2. terms and condition related to provided service

If one want to ties a SOA to responsibilities, risk etc then rules and 
regulations must be defined in a way that the perfomer and beneficiary 
are identified.

> A declaration that indicates no requirements must be met is still 
> conceptually considered a security policy.


BTW: A term (and document) I used in a nordic project was Functional and Technical Policy. This document is aimed att "functional" specialist without detailed technical (apllied technology) knowledge and containes functional "requirements" that are mapped into technolgy by a technologial profile.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]