Subject: Draft wording for security section
Here is a rough draft of text to be added to section 6 (Security). I'm
not entirely happy with the wording, but I believe it covers what we
discussed in yesterday's session.

In addition to the usual concerns of authorization and message integrity which apply to all web services, notification presents issues all its own due to the third-party nature of subscription. Since the NotificationProducer is agreeing to produce Notifications for a consumer based on the requests of a Subscriber, it must assure itself that there is no harm in producing these Notifications. A malicious Subscriber may request Notifications be sent to a party that is not authorized to receive them. It may also mount DOS attacks by requesting large volumes of Notifications be sent to parties that cannot handle them. The NotificationProducer may address these risks in many different ways, including but not limited to: