OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wsia message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [wsia][wsia-requirements][R150 - R153]

The security subcommittee has been working on identifying security related
requirements. Looking at the current requirement numbering, I'll assign
these numbers in the range R150-R199 so we can cleanly discuss them prior
to adding them into the requirements document.

The authentication state of the End-User MUST be represented in the
Producer's context data. This authentication state SHOULD be modifiable by
the Producer, Consumer and End-User.

A Producer SHOULD timeout the authentication state of an End-User
separately from any other timeout.

The specification MUST allow a Consumer to offer Single SignOn (SSO)

It SHOULD to make the communication channels private and/or integral such
that message modifications are detectable.
A Producer SHOULD be able to specify Access Control for its context data.
Producers MUST generate an error on invalid access attempts.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC