[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Issue 66: Comments on Security Policy and a Suggestion
This is logged as issue 66. -----Original Message----- From: Ashok Malhotra [mailto:ashok.malhotra@oracle.com] Sent: Wednesday, April 05, 2006 9:08 AM To: ws-sx@lists.oasis-open.org Subject: [ws-sx] Comments on Security Policy and a Suggestion Recently, Prateek and I and our product folks started looking at SecurityPolicy and we were dismayed by the breadth and the complexity. I doubt that most people could author Security Policies. Also, it's not clear if the specification works -- in that there may be practical situations that users want to express than cannot be expressed by Security Policy. So, I thought that what may be useful is to create a small number of usecases that represent typical customer usages of security in Web Services. Then we try and write Policies for these use cases and see what happens. I foresee two benefits from such an exercise: - We will find bugs and other usage problems and validate the design. - The resulting policies will be very useful and many users will just be able to use these canned policies for their work. I can try and write the policies but someone else needs to provide the usecases. All the best, Ashok
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]