OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [ws-sx] Comments on Security Policy and a Suggestion

At yesterday's WS-SX F2F meeting I suggested that part of this analysis
could be based on the WS-I "Security Challenges, Threats and
Countermeasures Version 1.0" document [1].



Paul Cotton, Microsoft Canada
17 Eleanor Drive, Ottawa, Ontario K2E 6A3
Tel: (613) 225-5445 Fax: (425) 936-7329


> -----Original Message-----
> From: Ashok Malhotra [mailto:ashok.malhotra@oracle.com]
> Sent: April 5, 2006 12:08 PM
> To: ws-sx@lists.oasis-open.org
> Subject: [ws-sx] Comments on Security Policy and a Suggestion
> Recently, Prateek and I and our product folks started looking at
> SecurityPolicy
> and we were dismayed by the breadth and the complexity.  I doubt that
> people
> could author Security Policies.  Also, it's not clear if the
> works -- in that
> there may be practical situations that users want to express than
> be expressed
> by Security Policy.
> So, I thought that what may be useful is to create a small number of
> usecases that
> represent typical customer usages of security in Web Services.  Then
> try and write
> Policies for these use cases and see what happens.
> I foresee two benefits from such an exercise:
> - We will find bugs and other usage problems and validate the design.
> - The resulting policies will be very useful and many users will just
> able to use these canned policies for their work.
> I can try and write the policies but someone else needs to provide the
> usecases.
> All the best, Ashok

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]