OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-caf message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [ws-caf] outstanding issues for WS-Context

Title: Message
I don't believe so, but see below.
 
We actually decided to ask the editors to work on the resolved issues, and for members to raise any other issues on their minds as soon as possible. I raised this point in writing on the list at the time (failed to formalize it into an issue because I wasn't clear in my own mind). Now that "feedback" arrives in the shape of an issue on security [what is the exact content of that by the way: I can't see any text other than the summary in the Bugzilla record?], it made be think that the "security through obscurity" approach of two refs (which I think is a "Habsburg tail", an evolutionary vestige) is just not right, and that it would be a very simple change to collapse two into one.
 
The other aspect (introducing "security") is obviously a much weightier matter.
 
I'm not greatly fussed about the two-to-one, but I think it would clean things up. I think that in formal terms the issues list is not closed until the document is approved, but I appreciate that a new issue at this late stage might be seen as somewhat anti-social, in which case I'm happy to let it ride.

Alastair 
-----Original Message-----
From: Mark Little [mailto:mark.little@arjuna.com]
Sent: 07 September 2004 16:33
To: Green, Alastair J.; ws-caf
Subject: Re: [ws-caf] outstanding issues for WS-Context

Alastair, I thought that we agreed in SF that unless there are significant bugs, we had closed the issues list for WS-Context for the 1.0 release? So, the idea of making context-service and context-manager a single reference, although interesting to explore, should be deferred to after the 1.0 release IMO.
 
Mark.
----- Original Message -----
Sent: Tuesday, September 07, 2004 4:28 PM
Subject: RE: [ws-caf] outstanding issues for WS-Context

I believe that this issue must be related to my "informal issue" of access control. In other words, if we "secure" then we authorize (and there are various kinds of reads and writes); to authorize we have to authenticate -- which was where my thinking fell down. Authentication by interface reference (I'll give you references only for the operations I wish you to use) only works if the references are artificially different, and after a while it won't be hard to work around that type of "protection".
 
I believe that the introduction of authentication/authorization is a good idea (I'm not the right person to propose how to do it in a WS-friendly way), and I further think that we should remove the double reference we currently have, so that the context service and the context manager are a single service reference.

Alastair
-----Original Message-----
From: Mark Little [mailto:mark.little@arjuna.com]
Sent: 07 September 2004 16:09
To: ws-caf
Subject: [ws-caf] outstanding issues for WS-Context

The only two issues remaining for WS-Context are:
 
 
and on conformance.
 
Expect a follow up in the next few days, hopefully prior enough to the next telecon. that we can discuss them and anything else related to 0.6.
 
Mark.
 
P.S. Now for WS-CF :-)
 
----
Mark Little,
Chief Architect, Transactions,
Arjuna Technologies Ltd.
 
www.arjuna.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]