[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RES: RES: [wsbpel] new issue: do we want to remove normative wordings in chapter 16 "Security Consideration"?
Agreed. We should, however, avoid any normative statements, which precludes the use of "SHOULD" (or even "should", in the spirit of reducing any confusion as to what is normative). Using "may" or even "can" would be preferable.
________________________________
De: Dieter Koenig1 [mailto:dieterkoenig@de.ibm.com]
Enviada: qui 1/6/2006 06:32
Para: Charlton Barreto
Cc: Alex Yiu; Diane Jordan; Peter Furniss; wsbpeltc
Assunto: Re: RES: [wsbpel] new issue: do we want to remove normative wordings in chapter 16 "Security Consideration"?
+1 ... use "may" (or "SHOULD"?), but not "MUST".
Kind Regards
DK
Dieter König Mail: dieterkoenig@de.ibm.com IBM Deutschland Entwicklung GmbH
Senior Technical Staff Member Tel (office): (+49) 7031-16-3426 Schönaicher Strasse 220
Architect, Business Process Choreographer Fax (office): (+49) 7031-16-4890 71032 Böblingen
Member, Technical Expert Council Tel (home office): (+49) 7032-201464 Germany
"Charlton
Barreto"
<barreto@adobe.co To
m> Dieter Koenig1/Germany/IBM@IBMDE,
"Alex Yiu" <alex.yiu@oracle.com>
01.06.2006 15:11 cc
"Alex Yiu" <alex.yiu@oracle.com>,
"Diane Jordan" <drj@us.ibm.com>,
"Peter Furniss"
<peter.furniss@erebor.co.uk>,
"wsbpeltc"
<wsbpel@lists.oasis-open.org>
Subject
RES: [wsbpel] new issue: do we want
to remove normative wordings in
chapter 16 "Security
Consideration"?
Pursuant to this, I would propose the following:
1) Change "RECOMMENDED" in the first sentence of Chapter 16 to
"recommended"
2) Reword the third sentence of Chapter 16 to read, "When using
WS-Security, signatures may include semantically significant headers and
the message body, as well as any other relevant data, so that they cannot
be independently separated and reused."
3) Change the second sentence of the second paragraph to read, "Messages
may include a message timestamp. such as that described in WS-Security,
within the signature."
-Charlton.
________________________________
De: Dieter Koenig1 [mailto:dieterkoenig@de.ibm.com]
Enviada: qui 1/6/2006 01:24
Para: Alex Yiu
Cc: Alex Yiu; Diane Jordan; Peter Furniss; wsbpeltc
Assunto: Re: [wsbpel] new issue: do we want to remove normative wordings in
chapter 16 "Security Consideration"?
For business processes, it is strongly recommended to secure their partner
interactions.
Other than that, security considerations in general and WS-Security in
particular are orthogonal and out of scope of the WS-BPEL specification, so
there cannot be a MUST statement.
Kind Regards
DK
Dieter König Mail: dieterkoenig@de.ibm.com
IBM Deutschland Entwicklung GmbH
Senior Technical Staff Member Tel (office): (+49)
7031-16-3426 Schönaicher Strasse 220
Architect, Business Process Choreographer Fax (office): (+49)
7031-16-4890 71032 Böblingen
Member, Technical Expert Council Tel (home office): (+49)
7032-201464 Germany
Alex Yiu
<alex.yiu@oracle.
com> To
Diane Jordan <drj@us.ibm.com>,
31.05.2006 18:06 Peter Furniss
<peter.furniss@erebor.co.uk>
cc
wsbpeltc
<wsbpel@lists.oasis-open.org>, Alex
Yiu <alex.yiu@oracle.com>
Subject
[wsbpel] new issue: do we want to
remove normative wordings in
chapter 16 "Security
Consideration"?
New issue: do we want to remove normative wordings in chapter 16
"Security Consideration"?
-----------------------------------
There are 3 occurrences of RFC normative wordings in conjunction with
WS-Security in chapter 16 "Security Consideration". e.g. "RECOMMENDED"
and "SHOULD".
Do we want to remove those normative wordings?
This decision would have implication to how and whether WS-Security is
added in references section.
Submitter Proposal:
I tend to think those wordings and references to WS-Security should be
non-normative. Because, WS-Security usage is orthogonal and optional to
the main concern of WS-BPEL.
-----------------------------------
Thanks!
Regards,
Alex Yiu
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. You may a link to this group and all your TCs in
OASIS
at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. You may a link to this group and all your TCs in
OASIS
at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]