[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [Fwd: Re: [wsrp-interfaces] Please investigate your WS-Security support]
CCing the group. Subbu
--- Begin Message ---
- From: Subbu Allamaraju <subbu@bea.com>
- To: Michael Freedman <Michael.Freedman@oracle.com>
- Date: Wed, 14 Apr 2004 10:33:27 -0600
I raised the following areas in today's call, but I would like the group to think about as well. a. My feeling is that we should let the stack implementors drive security, and let WSRP, an application protocol, rely on the stacks for this support. I would like to look it the way we looked at attachments support. b. Interop is going to be an issue particularly since stack level security supports may vary in their support for standards. Although desirable, plug-and-play interoperability for web services security may be harder to realize than the current interop levels we demonstrated. c. There is also a danger of undercutting some of the security specs by making recommendations on what standards to use in what manner. To me that seems to be a slippery slope to follow. I'm not proposing that we stop talking about security, but as we go through the education process, I would like to revisit these issues. Regards, Subbu Michael Freedman wrote: > For next Wednesday's Interfaces call I would like to begin > discussion/looking at consumer/producer Security. Richard has put a > feature proposal out on the website which it would be good to > read/review as it dicusses the landscape/layers of WebServices security > and lays out a few use cases. Besides looking at this I would also like > to ask those individuals that work for companies that provide > application server/web service stacks if they would try and determine > what your companies plans are for supporting the various > layers/technologies in the stack [in Richards document] over the next > 12-18 months. I think it will be useful to ground a lot of our > covnseration not so much in what will ultimately be there but more in > what is practically there [from an interoperable standpoint] in the > timeframe of our 2.0. The rationale for this is that Securitry > will/should become an urgent sticking point for a percentage of our > potential customers. > In particular can you look into your plans for supporting: > XMLSignature > XMLEncryption > WS-Security > > To a lesser extent it would be interesting if and what plans there > are for supporting SAML and higher level layers of the WSS stack like > WS-Policy. > -Mike- >--- End Message ---
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]