[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [wss] WSS Focus
Hi all,
I think we should answer a question, if we
want to create real Web Service Security specification or just SOAP security
header specification. We should do it in very short time.
Because in Web Service Security specification, we
should handle issues for example with in-band negotiation (for example for
security token type, or the QoS and whatever else), proof of possession, WSDL
extensibility elements for declarative security information (required QoS, etc.)
and many other things in the core spec. We can of course do it in
steps, explicitly stating what will be in the 1.0 version of the
spec.
On the other hand, if we want to just specify SOAP
message header, we need only to cope with the attaching opaque (from the spec
point of view) security tokens with the message and cryptographic binding of
these tokens with the message (by means of XML Signature and XML Encryption) in
the core spec. We can then say, that everything else is out of the
scope of the core spec.
I think the answer to this question should give us
background for the requirements document. The use-cases document will be
influenced very much by this answer as well.
cheers,
alex
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC