OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wsdm message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [wsdm] Security Question: MOWS: Managing Secure Web services

Title: Message
This is good start.
 
Let's get going from Metrics to Audit (what you called notifications). Discuss, define capabilities, get them into the spec.
 
I would put configuration later on the list as it may need to be coordinated with what SPML and groups like that are doing.
 

-- Igor Sedukhin .. (igor.sedukhin@ca.com)
-- (631) 342-4325 .. 1 CA Plaza, Islandia, NY 11788

 

From: Jeff Bohren [mailto:jbohren@opennetwork.com]
Sent: Saturday, June 05, 2004 9:45 PM
To: Heather Kreger; wsdm@lists.oasis-open.org
Subject: RE: [wsdm] Security Question: MOWS: Managing Secure Web services

Similar to the other thread, I would have the following categories:
 
Configuration:
    Transport level authentication settings
    PKI Info (server cert, trusted CAs, CRLs)
    TLS Configuration
    HTTP restrictions (allowed verbs, etc)
    SOAP specific security settings
 
Metrics:
    Successful Authentications (total, per time period, etc)
    Failed Authentications
    Successful Authorizations
    Failed Authorizations
 
Notifications:
    Failed Authentications
    Failed Authorizations
 
Policies:
    Access control rules
 
One intersting question to me is whether the transport level security is managed on the same resource as the SOAP security? In other words a SOAP/HTTPS endpoint could have security at the transport level (via HTTPS, Basic Auth, etc) and at the SOAP level (WSS). Is this considered the same WSDM resource, or is there one resource for the HTTPS endpont and one for the SOAP end point?
 
Jeff Bohren
Product Architect
OpenNetwork Technologies, Inc
 
Try the industry's only 100% .NET-enabled identity management software. Download your free copy of Universal IdP Standard Edition today. Go to www.opennetwork.com/eval.
 
-----Original Message-----
From: Heather Kreger [mailto:kreger@us.ibm.com]
Sent: Friday, June 04, 2004 9:28 AM
To: wsdm@lists.oasis-open.org
Subject: [wsdm] Security Question: MOWS: Managing Secure Web services




per our call today, I'm starting this email thread on managing policies for secure Web services.

Given that security can be managed for 'any IT resource' using WSDM, are there specific additional requirements
when that IT resource is a Web service?

Heather Kreger
STSM, Web Services Lead Architect for SWG Emerging Technologies
Author of "Java and JMX: Building Manageable Systems"
kreger@us.ibm.com
919-543-3211 (t/l 441) cell:919-496-9572

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]