uddi-spec message
Subject: Re: [uddi-spec] Web Services Security Scenarios - Use Case
- From: Andrew Hately <hately@us.ibm.com>
- To: <dave.prout@bt.com>
- Date: Tue, 7 Jun 2005 15:23:22 -0500
I think what we need to dig into is
what protocols and methods, either in band or out of band, are being used
to establish trust.
Once we can determine where trust is
established in each use case, we need to look at what is persisted for
each party to represent that trust (such as a key, a keyStore, a trusted
root) and that should lead to what types of queries would be used and what
would be out of band to the query to the registry. This should also
establish what roles the registry will play and what cases should only
be addressed with trusted data or trusted registry connections. It
is particularly the references to including actual credentials or keys
as opposed to storing key services or key providers that could require
a different trust model.
I also believe we need to determine
if the use cases require that we model the abstract security aspect such
as identity assertion through id/password or model only the concrete security
technology such as ws-security username token, or that we model both abstract
aspects/capabilities and the concrete technology used.
Can you expand on your use case to discuss
some of the above?
Regards,
Andrew Hately
IBM Software Group, Emerging Technologies
<dave.prout@bt.com>
06/07/2005 06:14 AM
To: <uddi-spec@lists.oasis-open.org>
cc:
Subject: [uddi-spec] Web Services Security Scenarios - Use Case
Hi,
At the last meeting Luc asked me to
send some use cases that could inform our discussion on how to decorate
a service in UDDI with its WS-Security requirements.
The WS-I Security Challenges, Threats and
Countermeasures Version 1.0 document
provides useful background http://www.ws-i.org/Profiles/BasicSecurity/SecurityChallenges-1.0.pdf
I’d like to start off with one use
case, to see if it is the sort of thing we want.
The use case is buying something over
the web in a secure way, with a confidential response.
In this case the credit card number
is signed with the sender’s private key, so they send their public key
with the request so that the receiver can validate the signature. The credit
card details must also be encrypted with the receiver’s public key (after
being signed). The response must be encrypted with the sender’s public
key (which was sent on the request).
Please let me know if the use case
should be set out in a different way.
We can easily extract simpler cases
from this one.
Regards
Dave Prout
BT
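Added example, not part of the original messages: the exchange in the use case above sketched in Go, with RSA-PSS and RSA-OAEP standing in for the WS-Security signature and encryption steps. The `pinned` fingerprint map is a hypothetical out-of-band trust store, included because a signature checked only against a key carried in the same request shows possession of that key, not who the sender is. All function and type names are illustrative.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Request: encrypted card details, signature over the plaintext, sender's key sent in band.
type Request struct {
	EncCard, Sig []byte
	SenderPub    *rsa.PublicKey
}

func NewKey() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }
func Open(k *rsa.PrivateKey, c []byte) ([]byte, error) { return rsa.DecryptOAEP(sha256.New(), rand.Reader, k, c, nil) }

// Fingerprint is what the receiver pins out of band (hypothetical trust store).
func Fingerprint(p *rsa.PublicKey) [32]byte { return sha256.Sum256(x509.MarshalPKCS1PublicKey(p)) }

// BuildRequest signs the card details, then encrypts them for the receiver.
func BuildRequest(card []byte, sender *rsa.PrivateKey, receiver *rsa.PublicKey) (r Request, err error) {
	d := sha256.Sum256(card)
	r.SenderPub = &sender.PublicKey
	if r.Sig, err = rsa.SignPSS(rand.Reader, sender, crypto.SHA256, d[:], nil); err == nil {
		r.EncCard, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, receiver, card, nil)
	}
	return r, err
}

// HandleRequest trusts the in-band key only if pinned, verifies, then replies encrypted to it.
func HandleRequest(r Request, receiver *rsa.PrivateKey, pinned map[[32]byte]bool) ([]byte, error) {
	if !pinned[Fingerprint(r.SenderPub)] {
		return nil, fmt.Errorf("sender key is not bound to a known identity")
	}
	card, err := Open(receiver, r.EncCard)
	if d := sha256.Sum256(card); err != nil || rsa.VerifyPSS(r.SenderPub, crypto.SHA256, d[:], r.Sig, nil) != nil {
		return nil, fmt.Errorf("decryption or signature check failed")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, r.SenderPub, []byte("order accepted"), nil)
}

func main() {
	buyer, shop := NewKey(), NewKey()
	req, _ := BuildRequest([]byte("4111111111111111"), buyer, &shop.PublicKey) // constructed card number
	_, err := HandleRequest(req, shop, map[[32]byte]bool{Fingerprint(&buyer.PublicKey): true})
	fmt.Println("pinned buyer accepted:", err == nil)
}
```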
From: Luc Clement [mailto:luc.clement@systinet.com]
Sent: 27 May 2005 00:02
To: 'Oleg Mikulinsky'
Cc: 'Rogers, Tony'; uddi-spec@lists.oasis-open.org
Subject: [uddi-spec] RE: Request to become UDDI Specification working
group member
Welcome aboard Oleg. For the
purpose of your records, you will obtain voting rights the lesser of 3
TC meetings or the 28 July 2004.
The next TC call is at 15:30ET
on 14 June.
Luc
Luc Clément | Co-Chair
OASIS UDDI TC | Senior Program Manager | Systinet Corporation |
One van de Graaff Drive Burlington,
MA 01803
Phone +1 781.362.1330 | Mobile
+1 978.793.2162 | Fax +1 781.362.1400 |
From: Oleg Mikulinsky [mailto:oleg.mikulinsky@weblayers.com]
Sent: Thursday, May 26, 2005 18:52
To: Luc Clement
Cc: Rogers, Tony
Subject: RE: Request to become UDDI Specification working group member
Luc,
I intend to join as a prospective
member and obtain voting rights per OASIS process. Look forward to meeting
you all (virtually). ;)
Regards,
Oleg.
From: Luc Clement [mailto:luc.clement@systinet.com]
Sent: Thursday, May 26, 2005 6:38 PM
To: Oleg Mikulinsky
Cc: 'Rogers, Tony'
Subject: RE: Request to become UDDI Specification working group member
Oleg,
Please read the following
and reply to this email confirming your intention to join as a Prospective
Member. You should note that as an Observer you can provide input which
may satisfy your needs. If however you intend to obtain voting rights,
then you need to join as a Prospective Member which requires you to obtain
and maintain good standing. Please take a moment to look over the membership
rules (along with the requirements to obtain and maintain good standing):
Participation and membership: http://www.oasis-open.org/committees/process.php#2.4
and termination: http://www.oasis-open.org/committees/process.php#2.5.
Please also review the OASIS IPR policy (http://www.oasis-open.org/committees/process.php#2.17)
– it is necessary that you fully understand the implications of the OASIS
IPR policy.
To conclude, please reply
with your intention of joining either as a prospective member or maintaining
a status of observer. We look forward to your participation.
Luc
Luc Clément | Co-Chair
OASIS UDDI TC | Senior Program Manager | Systinet Corporation |
One van de Graaff Drive Burlington,
MA 01803
Phone +1 781.362.1330 | Mobile
+1 978.793.2162 | Fax +1 781.362.1400 |
From: Oleg Mikulinsky [mailto:oleg.mikulinsky@weblayers.com]
Sent: Thursday, May 26, 2005 18:13
To: Luc Clement; Rogers, Tony
Subject: Request to become UDDI Specification working group member
Gentlemen,
I would like to join UDDI Specification group
as a member.
I have been in observer role in UDDI group
for about a month now, as well as a contributing member to the OASIS SOA-RM
group.
And I have been reading recent threads about
describing service related policies in UDDI with a great interest.
In the last couple of years, I was involved
with several UDDI deployments as principal consultant / architect, as well
as authored several architecture specifications, policies and best practices
for Fortune 500 companies.
I believe I have knowledge and experience
to contribute to this group.
Best regards,
Oleg Mikulinsky
Director of Enterprise Architecture
WebLayers, Inc.