OASIS Mailing List Archives

wsdm message


Subject: RE: [wsdm] Security Questions: Are Manageable Resources Secure?


It is now conventional to refer to this requirement (encryption) as "confidentiality" rather than "privacy". The reason is that privacy is normally used to indicate the variety of concerns and mechanisms required to assure an individual's security.
 
Many security mechanisms, e.g. encryption and access control, may have privacy as one of their motivations, but privacy requirements may also involve unique requirements and technologies.
 
I believe we have already identified confidentiality as a requirement which addresses your concerns.
 
Hal
-----Original Message-----
From: Mark Ellison [mailto:ellison@ieee.org]
Sent: Saturday, June 26, 2004 8:53 PM
To: Heather Kreger
Cc: wsdm@lists.oasis-open.org
Subject: Re: [wsdm] Security Questions: Are Manageable Resources Secure?

Hi Heather,

(I'm catching up with wsdm email...)

Should we call out "privacy" along with authentication and authorization? Essentially, privacy is the encrypted wrapping of message payloads. While access to data is controlled by authentication and authorization, privacy minimizes the possibility that sensitive information can be sniffed and seen by unauthorized individuals having a promiscuous interface on a shared network segment.

Examples of sensitive data are bank account or credit card numbers, medical information about a patient, or the password for a user.

Some data should not be transmitted to authenticated and authorized individuals unless it is encrypted.

Regards,

Mark

Heather Kreger wrote:


Per our call today, I'm starting this email thread to discuss and ensure that WSDL-described interactions with manageable resources (which are WS-Resources) are sufficiently secure.

Which leads to the follow-on question: Do manageable resources have any additional requirements on security
than any other Web service? i.e. authentication, authorization, etc.

Heather Kreger
STSM, Web Services Lead Architect for SWG Emerging Technologies
Author of "Java and JMX: Building Manageable Systems"
kreger@us.ibm.com
919-543-3211 (t/l 441) cell:919-496-9572


