OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wsrp-interfaces message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [Fwd: Tomorrow's concall]

Apologies for the retransmit but a couple of folks joined the group this afternoon and I wanted them to see the agenda as well.

-------- Original Message --------
Return-Path: <Michael.Freedman@oracle.com>
Received: from rgmum1.us.oracle.com by rgmum13.us.oracle.com with ESMTP id 3617597801083097470; Tue, 27 Apr 2004 14:24:30 -0600
Received: from rgmgw3.us.oracle.com by rgmum6.us.oracle.com with ESMTP id 1213762711083097317; Tue, 27 Apr 2004 14:21:57 -0600
Received: from localhost (localhost []) by rgmgw3.us.oracle.com (Switch-3.1.4/Switch-3.1.0) with SMTP id i3RKLvAG000879 for <Michael.Freedman@oracle.com>; Tue, 27 Apr 2004 14:21:57 -0600
Received: from oracle.com (dhcp-2op8-west-130-35-95-116.us.oracle.com []) by rgmgw3.us.oracle.com (Switch-3.1.4/Switch-3.1.0) with ESMTP id i3RKLjUp000507; Tue, 27 Apr 2004 14:21:45 -0600
Message-ID: 408EC020.8050505@oracle.com"><408EC020.8050505@oracle.com>
Date: Tue, 27 Apr 2004 13:18:40 -0700
From: Michael Freedman <Michael.Freedman@oracle.com>
Organization: Oracle Corporation
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: interfaces <wsrp-interfaces@lists.oasis-open.org>
Subject: Tomorrow's concall
Content-Type: multipart/alternative; boundary="------------010602090606060606070203"

Is on.  I am hoping that both Rich and Richard will be able to join this week and so we can have further discussions on Security.  The agenda will be as follows:

a) roll call
b) warning about new conference call number/process
c) interfaces roundtable:  anything nwe on any of the "features"
d) Security discussion
e) Do we want a call next Wednesday as I am out on the 12th??

For the Security discussion:
I would like to try and begin to reach a consensus on whether there is anything for us to do in this area and if so what.  After the last conference call Subbu sent the following e-mail:
I raised the following areas in today's call, but I would like the group to think about as well.

a. My feeling is that we should let the stack implementors drive security, and let WSRP, an application protocol, rely on the stacks for this support. I would like to look it the way we looked at attachments support.

b. Interop is going to be an issue particularly since stack level security supports may vary in their support for standards. Although desirable, plug-and-play interoperability for web services security may be harder to realize than the current interop levels we demonstrated.

c. There is also a danger of undercutting some of the security specs by making recommendations on what standards to use in what manner. To me that seems to be a slippery slope to follow.

My personal view is that the game starts for us once a producer can publish its security requirements to the consumer.  For until that happens any producer expecting any type of security [other https which is already publishable] will have to be "out-of-band" registered/configured by the consumer.  And at this point we have stayed away from defining/talking about formalizing "out-of-band" mechanisms.  As I don't see either a standard [WS-Policy] or uniform interoperable implementations happening in the next 6 months a question to consider is whether we merely need to wait [and do nothing], define a simple [potentially temporary] publishing protocol in WSRP or articulate some other value/work product to produce here related to its out-of-band nature.

Talk to you all tomorrow.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]