OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wsrp-interfaces message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [Fwd: Re: [wsrp-interfaces] Please investigate your WS-Security support]

CCing the group.

Subbu
--- Begin Message --- 
I raised the following areas in today's call, but I would like the group 
to think about as well.

a. My feeling is that we should let the stack implementors drive 
security, and let WSRP, an application protocol, rely on the stacks for 
this support. I would like to look it the way we looked at attachments 
support.

b. Interop is going to be an issue particularly since stack level 
security supports may vary in their support for standards. Although 
desirable, plug-and-play interoperability for web services security may 
be harder to realize than the current interop levels we demonstrated.

c. There is also a danger of undercutting some of the security specs by 
making recommendations on what standards to use in what manner. To me 
that seems to be a slippery slope to follow.

I'm not proposing that we stop talking about security, but as we go 
through the education process, I would like to revisit these issues.

Regards,

Subbu

Michael Freedman wrote:

> For next Wednesday's Interfaces call I would like to begin
> discussion/looking at consumer/producer Security.  Richard has put a
> feature proposal out on the website which it would be good to
> read/review as it dicusses the landscape/layers of WebServices security
> and lays out a few use cases.  Besides looking at this I would also like
> to ask those individuals that work for companies that provide
> application server/web service stacks if they would try and determine
> what your companies plans are for supporting the various
> layers/technologies in the stack [in Richards document] over the next
> 12-18 months.   I think it will be useful to ground a lot of our
> covnseration not so much in what will ultimately be there but more in
> what is practically there [from an interoperable standpoint] in the
> timeframe of our 2.0.  The rationale for this is that Securitry
> will/should become an urgent sticking point for a percentage of our
> potential customers. 
>     In particular can you look into your plans for supporting:
>        XMLSignature
>        XMLEncryption
>        WS-Security
> 
>     To a lesser extent it would be interesting if and what plans there
> are for supporting SAML and higher level layers of the WSS stack like
> WS-Policy.
>       -Mike-
>
--- End Message ---

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]