OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [ws-sx] Comments on Security Policy and a Suggestion

Recently, Prateek and I and our product folks started looking at SecurityPolicy
and we were dismayed by the breadth and the complexity.  I doubt that most people
could author Security Policies.  Also, it's not clear if the specification works -- in that
there may be practical situations that users want to express than cannot be expressed
by Security Policy.

So, I thought that what may be useful is to create a small number of usecases that
represent typical customer usages of security in Web Services.  Then we try and write 
Policies for these use cases and see what happens.  

I foresee two benefits from such an exercise:
- We will find bugs and other usage problems and validate the design.
- The resulting policies will be very useful and many users will just be
able to use these canned policies for their work.

I can try and write the policies but someone else needs to provide the usecases.

All the best, Ashok

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]