

Subject: [wss] Issue #45



Issue #45: WS-Security Core, Draft 3 uses "Multiple trust domains" on lines 114 and 141 but never defines this term. "End-to-end message level security" on line 141 is also not defined.


Since this is my issue I believe that I owe a first cut at the definitions for Multiple Trust Domains and End-to-end message level security.


The definition of trust in the literature is all over the place. As an example of this, Tyrone Grandison and Morris Sloman, Imperial College, in their paper "A Survey of Trust in Internet Applications" say: "Trust is a vast topic that incorporates trust establishment, trust management, and security concerns. The lack of consensus with regards to trust has led authors to use the terms trust, authorization, and authentication interchangeably."


To come up with a definition of a Trust Domain, I have borrowed the ideas in the definition of Trust Management from the paper "Decentralized Trust Management" by Matt Blaze, Joan Feigenbaum, and Jack Lacy, AT&T Research, which follows:


"... determining whether particular sets of credentials satisfy the relevant policies and deferring trust to third parties."


From this, I offer the following definition of a Trust Domain:

A Trust Domain is a security space in which the target of a request can determine whether particular sets of credentials from a source satisfy the relevant security policies of the target. The target may defer trust to a third party, thus including the trusted third party in the Trust Domain.

 

Multiple Trust Domains are when a target establishes more than one simultaneous Trust Domain.

 

A definition for End-to-end message level security is:

End-to-end message level security is established when a message that traverses multiple applications within and between business entities (i.e., companies, divisions, business units) is secure over its full route through and between those business entities. This includes not only messages that are initiated within the entity but also those messages that originate outside the entity, whether they are Web Services or the more traditional messages.

 

Don


