RE: Priorities for Vancouver POC

[Krishna Sankar <ksankar@cisco.com>]

Hi all,

	Here is what I see :

	POC has at least four areas/specifications to demonstrate : TRP,TPA,RegRep
and BP/CC.

	TRP of course will show it's security at that level. As Scott says, it is
important and we should show this in Vancouver.

	RegRep has it's own security requirements and implementation. And we should
show this. I believe that (like Joel) document security is important,
remember we are publishing even login URL in the registry. We do not want
this kind of information to get into wrong hands and/or wrong folks changing
this. So as far as the registry is concerned, it is authentication &
authorization - which we will have to show at Vancouver.

	And yes, AdHoc query is also important and we should show that as well.

	...

	My point is (finally ;-)) the TRP security and RegRep security are two
orthogonal issues and we need to do both. We cannot prioritize one over the
other.

	my 2 yens !

	cheers

-----Original Message-----
From: Farrukh Najmi [mailto:Farrukh.Najmi@east.sun.com]
Sent: Friday, December 01, 2000 1:15 PM
To: Scott Hinkelman
Cc: Farrukh Najmi; Munter, Joel D; 'Prasad Yendluri';
ebxml-regrep@lists.ebxml.org; ebxml-poc@lists.ebxml.org
Subject: Re: Priorities for Vancouver POC


Excellent point Scott. One cannot do Authentication and Authorization
without
the ability to send a signed message as well as signed payload, for example.

--

Regards,
Farrukh

Scott Hinkelman wrote:

> I believe the security issue for the next POC needs to be demonstrated in
> context of the transport not Registry. Demonstrating security at the
> Registry is similar to
> the application layer and less needed at this point.
>
> We need to demonstrate to the press that a secure messaging layer is
> emerging.
>
> Scott Hinkelman, Senior Software Engineer
> XML Industry Enablement
> IBM e-business Standards Strategy
> 512-823-8097 (TL 793-8097) (Cell: 512-940-0519)
> srh@us.ibm.com, Fax: 512-838-1074
>
> Farrukh Najmi <Farrukh.Najmi@east.sun.com> on 12/01/2000 12:04:27 PM
>
> To:   "Munter, Joel D" <joel.d.munter@intel.com>
> cc:   "'Prasad Yendluri'" <pyendluri@webmethods.com>,
>       ebxml-regrep@lists.ebxml.org
> Subject:  Re: Priorities for Vancouver POC
>
> I strongly agree with Prasad. Ad hoc queries will make our Registry really
> capable.
>
> My priority is:
>
> 1. Ad hoc query.
> 2. Basic Authentication and Authorization
>
> --
>
> Regards,
> Farrukh
>
> "Munter, Joel D" wrote:
>
> > reply:
> >
> > I strongly disagree. I believe that there are many issues yet to be
dealt
> > with that are heavily dependent upon a well designed and specified
> security
> > model.  e.g., We have yet to address the security aspects of
> "distributed"
> > registry/repository.  Security must be specified and worked sooner
rather
> > than later.
> >
> > In direct contrast, I believe that Ad Hoc query can easily be added
> later.
> >
> > Joel
> >
> > -----Original Message-----
> > From: Prasad Yendluri [mailto:pyendluri@webmethods.com]
> > Sent: Thursday, November 30, 2000 2:06 PM
> > To: ebxml-regrep@lists.ebxml.org
> > Subject: Re: Priorities for Vancouver POC
> >
> > Farrukh,
> >
> > IMHO security (authetication or authorization) is a well understood
> aspect
> > and will easily fall in place anytime.  Enriching the "registry"
> > capabilities should be a priority. Hence I would vote for ad hoc query
> > capability
> >
> > Thanks, Prasad
> >
> > Farrukh Najmi wrote:
> >
> > > In today's POC con call today I was asked to gather input from the
> > > Registry team on our priorities for Registry functionality that should
> > > be implemented and shown for Vancouver. The one guideline we must bear
> > > in mind is that any functionality that we suggest for POC must be
> > > speced.
> > >
> > > According to our phased delivery plan developed at Tokyo, we have the
> > > following new functionality planned for our specs for Release 1
> > > (Vancouver time frame):
> > >
> > > -Registry security (authentication and authorization)
> > > -Ad hoc query capability
> > >
> > > Please share your sense of priorities for what Registry functionality
> > > should be implemented and shown for the Vancouver POC. Please indicate
> > > priority (1 being highre priority than 2).
> > >
> > > --
> > > Regards,
> > > Farrukh
>
> --
> Regards,
> Farrukh

--
Regards,
Farrukh