[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ws-sx] Issue 94: Define Domain
Tony suggested that the definition of domain used by SP is from RFC 2828. I don't think so. These are given: ---- $ domain (I) Security usage: An environment or context that is defined by a security policy, security model, or security architecture to include a set of system resources and the set of system entities that have the right to access the resources. (See: domain of interpretation, security perimeter.) (I) Internet usage: That part of the Internet domain name space tree [R1034] that is at or below the name the specifies the domain. A domain is a subdomain of another domain if it is contained within that domain. For example, D.C.B.A is a subdomain of C.B.A. (See: Domain Name System.) (O) MISSI usage: The domain of a MISSI CA is the set of MISSI users whose certificates are signed by the CA. (O) OSI usage: An administrative partition of a complex distributed OSI system. ---- None of these seem to fit. I think the meaning of domain as used by SP is more like this: --- From Merriam-Webster online dictionary: http://www.m-w.com/cgi-bin/dictionary?book=Dictionary&va=domain 4: a sphere of knowledge, influence or activity <the domain of art> ---- But this begs Ashok's question as to whether WS-SP constitutes one domain or several. Hal > -----Original Message----- > From: Marc Goodner [mailto:mgoodner@microsoft.com] > Sent: Tuesday, July 25, 2006 4:03 PM > To: Ashok Malhotra; ws-sx@lists.oasis-open.org > Cc: Prakash Yamuna > Subject: [ws-sx] Issue 94: Define Domain > > Issue 94. > > -----Original Message----- > From: Ashok Malhotra [mailto:ashok.malhotra@oracle.com] > Sent: Tuesday, July 25, 2006 12:21 PM > To: ws-sx@lists.oasis-open.org > Cc: Prakash Yamuna > Subject: [ws-sx] NEW ISSUE: Define Domain > > Title: We need a definition for "domain" in WS-SecurityPolicy > > Description: > WS-SecurityPolicy uses the word "domain" in several places. For > example, in Section 3.1.3 bullet 4: > "Assertions from one domain MUST NOT be nested inside assertions from > another domain." ... > > Target: WS-SecurityPolicy > > Proposal: I think we all know what's meant here but we need a formal > definition for the word "domain". One possibility is to group all > assertions within a domain in a single namespace that contains only > assertions for that domain. > > All the best, Ashok >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]