[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] Created: (WSCALENDAR-191) All - Our concernis more toward the security that I am not sure if it will be animplementation concern from any vendor or development side or not.
All - Our concern is more toward the security that I am not sure if it will be an implementation concern from any vendor or development side or not. ----------------------------------------------------------------------------------------------------------------------------------------------------- Key: WSCALENDAR-191 URL: http://tools.oasis-open.org/issues/browse/WSCALENDAR-191 Project: OASIS Web Services Calendar (WS-Calendar) TC Issue Type: Bug Components: schema Affects Versions: pr01 Environment: IRC Reporter: Toby Considine Assignee: Toby Considine The attached word document contains the vulnerabilities in client and server implementation of the iCalendar specification. ws-calendar-1.0-spec-cd-01.pdf mentions "CalWS is a web services calendar access API developed by The Calendaring and Scheduling Consortium and the OASIS organization, to be used as part of the Oasis WS-Calendar standard. It provides an API to access and manipulate calendar data stored on a server. It follows a similar data model to CalDAV and has been designed to co-exist with a CalDAV service offering the same data." It also states "CalDAV is a calendar access protocol and is defined in RFC 4791. The protocol is based on WebDAV which is an extension to HTTP that provides enhanced capabilities for document management on web servers." It sounds like CalWS is derivative of CalDAV, which is derivative of WebDAV. We currently have 26 filters that deal with various vulnerabilities in WebDAV. I believe a lot of them are specific to how various vendors implemented the RFC for WebDAV (File will be submitted with comments: iCalendarVulnerability20101018.docx) -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]