[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [wsrp-wsia] [change request #2] Restricting access based onregistration handle
Document: WSRP spec Section: 5.2 Page/Line: 29/11-14 Requested by: Rich Thompson Old text: Producers may also find it useful to restrict the information returned to those portions of the service that the registration context will allow the Consumer to access on subsequent invocations. Producers using various security standards (e.g. WS-Security or SSL) to secure the communication should delegate this access control issue to the relevant security context. Proposed text: (delete these 2 sentences) Reasoning: When our security people read through the spec, they found these two sentences not useful for several reasons, primarily: 1 - They don't really say anything beyond the sentence at line 7. 2 - By raising the question of delegating such decisions without fully specifying how such delegation would work, the spec does more to confuse than to help. 3 - It really isn't the role of the WSRP spec to define how implementations will also support various security standards.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC