[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Purpose of Section 9?
The Security section in V1 remained vague (for no fault of WSRP) about handling security, particularly about the problems discussed post V1 such as user identity propagation, confidentiality and integrity. Since those specs have evolved since, and stack implementations are beginning to support those standards, leaving this section as is would be confusing to readers. I have two questions: a. What does the TC think about updating this section with more direct references to various security specs (W3C specs on signature and encruption, OASIS specs on SAML and WS-Security and others). This would atleast give an indication that this TC acknowledges those specs, and recommends using those specs for solving security issues. b. More than a year ago, Richard led some effort in identifying use cases and candidate specs for solving those. Is there any interest in renewing that discussion and come up with a tech note during the V2 timeframe? In the absence of a tech note, updating sec 9 would become more important for the V2 spec. Regards, Subbu
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]