OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wsdm message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [wsdm] [UPlat] Security

I like to look at this as:

1) The security of the management infrastructure
2) The management of the security infrastructure

It is reasonable to say the security of the management infrastructure
should be addressed by other standards such as WS-Security. But isn't
the management of the security infrastructure in the scope of the WSDM
effort? We can say that security standards bodies should address
manageability, but that is not likely to happen.

Jeff Bohren
Product Architect
OpenNetwork Technologies, Inc

-----Original Message-----
From: John DeCarlo [mailto:jdecarlo@mitre.org] 
Sent: Thursday, October 30, 2003 10:39 AM
Subject: [wsdm] [UPlat] Security

In response to [assign champions for each item. Start discussions on
mailing list * John - Security.]

Following the definition & need for management of Notification expressed
in the very nice aggregation message from Andreas D:


Primarily the issue with Security is that while the requirement for 
Security within manageability is extremely important, it is not unique 
to manageability.  All the same issues arise with any other Web Services

endpoint.  Every manageability endpoint and many business endpoints will

have requirements for confidentiality, integrity, and authentication, as

well as access control, availability, and privacy (see the definition of


Also, there is the issue of location.  Security may be implemented in 
various ways.  For example, there could be a security filter/proxy in 
front of every Web Services endpoint (including the manageability 
endpoint) that only allows messages through that are valid, 
authenticated, authorized, and have no integrity problems identified.  
Or all of those functions could be performed by the endpoint itself.

Thus, the main concern for Security is that the specification allow for 
external Security infrastructure mechanisms that are composable on top 
of the manageability exposed via Web Services.  This will require 
examining other standards like WS-Security to ensure nothing done in the

specification precludes the composability of Security.

Another external effort is to work with standards groups developing 
interoperable Security infrastructure mechanisms.  It is desirable that 
these mechanisms provide manageability exposed via Web Services.


John DeCarlo, The MITRE Corporation, My Views Are My Own
email:      jdecarlo@mitre.org
voice:      703-883-7116
fax:        703-883-3383
DISA cube:  703-882-0593

To unsubscribe from this mailing list (and be removed from the roster of
the OASIS TC), go to

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]