[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Issue 168 FW: [ws-sx-comment] Policy to require persisted trace logencryption?
Giving this one an issue number to keep track of it, issue 168. -----Original Message----- From: Stephen Green [mailto:stephen.green@bristol.gov.uk] Sent: Wednesday, April 02, 2008 6:35 AM To: ws-sx-comment@lists.oasis-open.org Subject: [ws-sx-comment] Policy to require persisted trace log encryption? Greetings WS-SX TC I've a question/comment regarding web services security policies. I would expect, rightly or wrongly, that a there would be a policy to require that a web server handling a web service encrypt all messages for a particular web service in *traces*. Is this within scope for ws security policy specifications and is it already handled? Is it part of a security policy scope to include the conformance requirement that for a certain encryption policy in a web service the traces too are encrypted? If not then would it not be the ideal for the scope to be increased to cover this, when such trace logs are persisted and used for ongoing monitoring in production use? As there are reasons to have traces still operating in production environments (such as monitoring, perhaps for audit reasons) it seems reasonable that a security policy covering encryption of all or part of the ws message have a conformance requirement that the same policy be enforced in the trace for 'end-to-end' security. Maybe if there is no such requirement for existing policies then there would seem to me ample reason to have a new policy for which this applies. Maybe it could be of such granularity that it can be applied to just certain parts of the message, like with signatures, say. I previously asked / comented on W3C's WS-Policy list but was directed to this TC. http://lists.w3.org/Archives/Public/public-ws-policy/2008Apr/0000.html Best regards ------------------------------------------------------------ Stephen Green Senior IT Officer Bristol City Council Room G45, Romney House Romney Avenue Bristol BS7 9TB Tel: 0117 922 3794 Fax: 0117 922 4877 Email: stephen_green@bristol.gov.uk ______________________________________________________________________ 'Do it online' with our growing range of online services - http://www.bristol.gov.uk/services Sign-up for our email bulletin giving news, have-your-say and event information at: http://www.bristol.gov.uk/newsdirect Watch webcasts of Council meetings at http://www.bristol.gov.uk/webcast -- This publicly archived list offers a means to provide input to the OASIS Web Services Secure Exchange (WS-SX) TC. In order to verify user consent to the Feedback License terms and to minimize spam in the list archive, subscription is required before posting. Subscribe: ws-sx-comment-subscribe@lists.oasis-open.org Unsubscribe: ws-sx-comment-unsubscribe@lists.oasis-open.org List help: ws-sx-comment-help@lists.oasis-open.org List archive: http://lists.oasis-open.org/archives/ws-sx-comment/ Feedback License: http://www.oasis-open.org/who/ipr/feedback_license.pdf List Guidelines: http://www.oasis-open.org/maillists/guidelines.php Committee: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ws-sx
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]