OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wsdm message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [wsdm][security-action item] Summary of discussion as of 7/8/04

Andreas Dharmawan wrote:


 . . . . . . .

> *_Security of Manageability vs. Manageability of Security_* (Jeff Bohren)
>    *
>       *Security of Manageability* - The security of the Manageability
>       Provider and the underlying communications protocols. How are
>       the management requests authenticated? How are management
>       requests authorized and audited? 
>    *
>       *Manageability of Security* - What security information on the
>       managed resource can be managed by the Manageability Provider.
>       How is this information presented to the Manager. In MOWS, there
>       is the specific use case of managing the configuration of the
>       Web Service Security infrastructure for that web service (among
>       other things).
> *_Security Considerations between Manager and Manageability Provider_* 
> (Andreas Dharmawan)
>    *
>       In an enterprise there will be many manageability resources that
>       belong to many different departments.
>    *
>       Multiple managers may involve in the management of different
>       resources from different departments.
>    *
>       Managers may be interacting with the manageability providers
>       from the intranet, extranet, and intranet.
>    *
>       Samples of security considerations:
>          o
>             Authentication and Authorization
>          o
>             Confidentiality
>          o
>             Non-repudiation
>          o
>             Schema Validation
>          o
>             Standard Compliance
>    *
>       The same manager may be required to use different kinds of
>       credentials when accessing a manageable provider based on
>       whether s/he in the intranet, extranet, or internet.

"Integrity" would appear to be another very common and important 
"security" consideration.

Also, just out of curiosity...... do you really mean Standards 
Compliance or do you actually mean Standards Conformance? According to 
the ISO standard of relevance (ISO 10746-1: Open Distributed Processing 
Reference Model - Part 1: Overview and Guide to Use) (quoting verbatim 
from section 9.2):

"Conformance is a relation between a specification and a real 
implementation, such as an example of a product. It holds
when specific requirements in the specification (the conformance 
requirements) are met by the implementation.
Conformance assessment is the process through which this relation is 

"Compliance is a relation between two specifications, A and B, that 
holds when specification A makes requirements
which are all fulfilled by specification B (when B complies with A)."



Jishnu Mukerji
Senior Systems Architect          1001 Frontier Road, Suite 300
Technology Office                 Bridgewater NJ 08807, USA
Management Software Organization  Tel: +1 908 243 8924
Hewlett-Packard Company           Fax: +1 908 243 8850
                                  mailto: jishnu@hp.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]