ws-rx message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [ws-rx] New Issue: security threats and requirements
- From: Doug Davis <dug@us.ibm.com>
- To: ws-rx@lists.oasis-open.org
- Date: Wed, 10 May 2006 17:25:23 -0400
Gil,
Just a generic question on this
doc...in most of the WS specs the security sections seem to focus on what
you have in section 5.5. The previous sections are all very useful
and very informative in terms of explaining all of the bad things people
can do - so I'm wondering if you really think all of it should go into
the RM spec or just 5.5? Would the other stuff be better in some
other doc (like the dev guide Jacques is thinking of) or even some whitepaper?
thanks
-Doug
"Gilbert Pilz"
<Gilbert.Pilz@bea.com>
05/09/2006 05:41 PM
|
To
| <ws-rx@lists.oasis-open.org>
|
cc
|
|
Subject
| [ws-rx] New Issue: security threats
and requirements |
|
Chapter 5 of the WS-RM spec
has a number of problems:
1. It
lacks information specific to WS-RM. What needs to be protected and why?
2. It
is overly general in parts; describing general security concepts that don't
have anything specifically to do with WS-RM.
3. It
recommends specific solutions (WS-SecureConversation) in preference to
other solutions (e.g. HTTPS).
4. It
lacks the detailed security requirements that are needed by implementers
to build secure WS-RM implementations.
Proposal: Replace Chapter
5 with the attached material.[attachment "sec_analysis.pdf" deleted
by Doug Davis/Raleigh/IBM]
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]