OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-calendar message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Created: (WSCALENDAR-191) All - Our concernis more toward the security that I am not sure if it will be animplementation concern from any vendor or development side or not.

All - Our concern is more toward the security that I am not sure if it will be an implementation concern from any vendor or development side or not. 
-----------------------------------------------------------------------------------------------------------------------------------------------------

                 Key: WSCALENDAR-191
                 URL: http://tools.oasis-open.org/issues/browse/WSCALENDAR-191
             Project: OASIS Web Services Calendar (WS-Calendar) TC
          Issue Type: Bug
          Components: schema
    Affects Versions: pr01
         Environment: IRC
            Reporter: Toby Considine
            Assignee: Toby Considine


The attached word document contains the vulnerabilities in client and server implementation of the iCalendar specification. ws-calendar-1.0-spec-cd-01.pdf mentions "CalWS is a web services calendar access API developed by The Calendaring and Scheduling Consortium and the OASIS organization, to be used as part of the Oasis WS-Calendar standard. It provides an API to access and manipulate calendar data stored on a server. It follows a similar data model to CalDAV and has been designed to co-exist with a CalDAV service offering the same data." It also states "CalDAV is a calendar access protocol and is defined in RFC 4791. The protocol is based on WebDAV which is an extension to HTTP that provides enhanced capabilities for document management on web servers." It sounds like CalWS is derivative of CalDAV, which is derivative of WebDAV. We currently have 26 filters that deal with various vulnerabilities in WebDAV. I believe a lot of them are specific to how various vendors implemented the RFC for WebDAV  (File will be submitted with comments: iCalendarVulnerability20101018.docx)  

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]