OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

uddi-spec message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [uddi-spec] Groups - uddi-spec-tc-tn-securechannelfortrustworthiness (uddi-spec-tc-tn-securechannelfortrustworthiness-20050310.doc) uploaded

Title: RE: [uddi-spec] Groups - uddi-spec-tc-tn-securechannelfortrustworthiness (uddi-spec-tc-tn-securechannelfortrustworthiness-20050310.doc) uploaded

So Claus…. Sounds like we’re brushing against node “policy” again - dare I say.


Tue will be a great day!


From: Rogers, Tony [mailto:Tony.Rogers@ca.com]
Sent: Tuesday, May 03, 2005 08:09
To: von Riegen, Claus; uddi-spec@lists.oasis-open.org
Subject: RE: [uddi-spec] Groups - uddi-spec-tc-tn-securechannelfortrustworthiness (uddi-spec-tc-tn-securechannelfortrustworthiness-20050310.doc) uploaded


These are both good points. I'd like to see feedback from others.


For my part, I agree that the right place for any indication of server validation is in policy - either node or registry policy. Should there be a preference?


I'm not so sure about the Security API's role in establishing a secure channel - I keep thinking of the secure channel as SSL (althought others have been pointed out), and I have thought of the Security API (at the very least) as being implemented over SSL - hence the channel is established before the Security API is called. Or perhaps you are considering client-authenticated SSL? But I'd really like to hear what others have to say.



-----Original Message-----
From: von Riegen, Claus [mailto:claus.von.riegen@sap.com]
Sent: Tue 03-May-05 19:18
To: Rogers, Tony; uddi-spec@lists.oasis-open.org
Subject: RE: [uddi-spec] Groups - uddi-spec-tc-tn-securechannelfortrustworthiness (uddi-spec-tc-tn-securechannelfortrustworthiness-20050310.doc) uploaded


The TN looks good and is consistent.

Though, maybe because I haven't read the TN for a long time, I was wondering on
A) how the client can actually determine that the validation is done on the server side and whether this needs to be described using a node policy
B) what guidance we may want to give in terms of using the UDDI Security API set for the actual establishment of a secure channel.



-----Original Message-----
From: Tony.Rogers@ca.com [mailto:Tony.Rogers@ca.com]
Sent: Dienstag, 29. März 2005 08:12
To: uddi-spec@lists.oasis-open.org
Subject: [uddi-spec] Groups - uddi-spec-tc-tn-securechannelfortrustworthiness (uddi-spec-tc-tn-securechannelfortrustworthiness-20050310.doc) uploaded

This is the candidate for release as a Technical Note. It is now open for
30 day review. Please take the time to read it - it will be up for
discussion at the next TC meeting.

 -- Mr Tony Rogers

The document revision named uddi-spec-tc-tn-securechannelfortrustworthiness
(uddi-spec-tc-tn-securechannelfortrustworthiness-20050310.doc) has been
submitted by Mr Tony Rogers to the OASIS UDDI Specification TC document
repository.  This document is revision #6 of

Document Description:
v0.4 - Minor revisions to tidy up some of the language and strengthen the

v0.5 - Updates to Tony's edits

v0.6 - Paul Macias' edits

v0.7 - Pete Wenzel's edits

v0.8 - Tony's minor edits

View Document Details:

Download Document: 

This document is revision #6 of
uddi-spec-tc-tn-secureChannelForTrustworthiness-20040315.doc.  The document
details page referenced above will show the complete revision history.

PLEASE NOTE:  If the above links do not work for you, your email application
may be breaking the link into two pieces.  You may be able to copy and paste
the entire link address into the address field of your web browser.

-OASIS Open Administration

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]