OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ws-brsp-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [ws-brsp-comment] Re: 15-day Public Review for Basic Security Profile Version 1.1 - ends September 13th

Thanks you for your comments Anish. We will discuss it in next meeting.

-----Original Message-----
From: ws-brsp-comment@lists.oasis-open.org [mailto:ws-brsp-comment@lists.oasis-open.org] On Behalf Of Anish Karmarkar
Sent: Monday, September 08, 2014 1:43 PM
To: ws-brsp-comment@lists.oasis-open.org
Subject: [ws-brsp-comment] Re: 15-day Public Review for Basic Security Profile Version 1.1 - ends September 13th

The new PR draft relaxes the requirements from mandating SHA-1 to mandating either SHA-1 or any of the SHA-2 algorithms (extensibility point E0014).

Understandable given the issues with SHA-1. But the profile goes to great lengths to ensure interoperability when using SHA-1 (see R5421 and similar requirements). It specifies how to communicate with the other side that SHA-1 is being used. There is nothing comparable specified for SHA-2.

Given that the fundamental reason the profiles were created were to enable interoperability, it makes sense to include the same level (or
equivalent) of interop requirements for SHA-2 as there are for SHA-1.

Thanks and regards.

-Anish Karmarkar
WS-I Member Section Steering Committee member

On 8/29/14, 11:00 AM, Paul Knight wrote:
> OASIS members,
> The WS-BRSP TC members [1] have produced an updated Committee 
> Specification Draft (CSD) and submitted this specification for 15-day 
> public review:
> Basic Security Profile Version 1.1
> Committee Specification Draft 02 / Public Review Draft 02
> 06 August 2014
> Specification Overview:
> The Basic Security Profile is an extension profile to the Basic 
> Profile (either v1.1 or v1.0), consisting of a set of clarifications, 
> refinements, interpretations and amplifications to a combination of 
> non-proprietary Web services specifications in order to promote 
> interoperability. It is designed to support the addition of security 
> functionality to SOAP messaging.
> Public Review Period:
> The public review starts 30 August 2014 at 00:00 UTC and ends 13 
> August
> 2014 at 23:59 UTC.
> This is an open invitation to comment. OASIS solicits feedback from 
> potential users, developers and others, whether OASIS members or not, 
> for the sake of improving the interoperability and quality of its 
> technical work.
> URIs:
> The prose specification document and related files are available here:
> Editable source (Authoritative):
> http://docs.oasis-open.org/ws-brsp/BasicSecurityProfile/v1.1/csprd02/B
> asicSecurityProfile-v1.1-csprd02.doc
> http://docs.oasis-open.org/ws-brsp/BasicSecurityProfile/v1.1/csprd02/B
> asicSecurityProfile-v1.1-csprd02.html
> PDF:
> http://docs.oasis-open.org/ws-brsp/BasicSecurityProfile/v1.1/csprd02/B
> asicSecurityProfile-v1.1-csprd02.pdf
> Additional information about this specification and the OData TC may 
> be found on the TC's public home page located at:
> http://www.oasis-open.org/committees/ws-brsp/
> Comments may be submitted to the TC by any person through the use of 
> the OASIS TC Comment Facility which can be accessed via the button 
> labeled "Send A Comment" at the top of the TC public home page, or directly at:
> http://www.oasis-open.org/committees/comments/form.php?wg_abbrev=ws-br
> sp
> Feedback submitted by TC non-members for this work and for other work 
> of this TC is publicly archived and can be viewed at:
> http://lists.oasis-open.org/archives/ws-brsp-comment/
> All comments submitted to OASIS are subject to the OASIS Feedback 
> License, which ensures that the feedback you provide carries the same 
> obligations at least as the obligations of the TC members. In 
> connection with this public review of 'Basic Security Profile Version 
> 1.1', we call your attention to the OASIS IPR Policy [2] applicable 
> especially [3] to the work of this technical committee. All members of 
> the TC should be familiar with this document, which may create 
> obligations regarding the disclosure and availability of a member's 
> patent, copyright, trademark and license rights that read on an approved OASIS specification.
> OASIS invites any persons who know of any such claims to disclose 
> these if they may be essential to the implementation of the
> above specification, so that notice of them may be posted to the 
> notice page for this TC's work.
> ========== Additional references:
> [1] OASIS Web Services Basic Reliable and Secure Profiles (WS-BRSP) TC 
> http://www.oasis-open.org/committees/ws-brsp/
> [2] http://www.oasis-open.org/policies-guidelines/ipr
> [3] http://www.oasis-open.org/committees/ws-brsp/ipr.php
> https://www.oasis-open.org/policies-guidelines/ipr#s10.3
> Non-assertion Mode
> Best regards,
> Paul
> --
> Paul Knight <mailto:paul.knight@oasis-open.org>  - Tel: +1 
> 781-861-1013 OASIS <https://www.oasis-open.org/> - Advancing open 
> standards for the information society Document Process Analyst 
> <https://www.oasis-open.org/people/staff/paul-knight>

This publicly archived list offers a means to provide input to the OASIS Web Services Basic Reliable and Secure Profiles (WS-BRSP) TC.

In order to verify user consent to the Feedback License terms and to minimize spam in the list archive, subscription is required before posting.

Subscribe: ws-brsp-comment-subscribe@lists.oasis-open.org
Unsubscribe: ws-brsp-comment-unsubscribe@lists.oasis-open.org
List help: ws-brsp-comment-help@lists.oasis-open.org
List archive: http://lists.oasis-open.org/archives/ws-brsp-comment/
Feedback License: http://www.oasis-open.org/who/ipr/feedback_license.pdf
List Guidelines: http://www.oasis-open.org/maillists/guidelines.php
Committee: http://www.oasis-open.org/committees/ws-brsp
Join OASIS: http://www.oasis-open.org/join/

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]