OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-poc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: Priorities for Vancouver POC


Of note, a properly signed and encrypted method using X.509 certificates
could simultaneously provide secure access to the reg/rep.

My two wons (Korean)...

JP 

-----Original Message-----
From: Krishna Sankar
To: ebxml-regrep@lists.ebxml.org; ebxml-poc@lists.ebxml.org
Sent: 12/1/2000 7:13 PM
Subject: RE: Priorities for Vancouver POC

Hi all,

	Here is what I see :

	POC has at least four areas/specifications to demonstrate :
TRP,TPA,RegRep
and BP/CC.

	TRP of course will show it's security at that level. As Scott
says, it is
important and we should show this in Vancouver.

	RegRep has it's own security requirements and implementation.
And we should
show this. I believe that (like Joel) document security is important,
remember we are publishing even login URL in the registry. We do not
want
this kind of information to get into wrong hands and/or wrong folks
changing
this. So as far as the registry is concerned, it is authentication &
authorization - which we will have to show at Vancouver.

	And yes, AdHoc query is also important and we should show that
as well.

	...

	My point is (finally ;-)) the TRP security and RegRep security
are two
orthogonal issues and we need to do both. We cannot prioritize one over
the
other.

	my 2 yens !

	cheers

-----Original Message-----
From: Farrukh Najmi [mailto:Farrukh.Najmi@east.sun.com]
Sent: Friday, December 01, 2000 1:15 PM
To: Scott Hinkelman
Cc: Farrukh Najmi; Munter, Joel D; 'Prasad Yendluri';
ebxml-regrep@lists.ebxml.org; ebxml-poc@lists.ebxml.org
Subject: Re: Priorities for Vancouver POC


Excellent point Scott. One cannot do Authentication and Authorization
without
the ability to send a signed message as well as signed payload, for
example.

--

Regards,
Farrukh

Scott Hinkelman wrote:

> I believe the security issue for the next POC needs to be demonstrated
in
> context of the transport not Registry. Demonstrating security at the
> Registry is similar to
> the application layer and less needed at this point.
>
> We need to demonstrate to the press that a secure messaging layer is
> emerging.
>
> Scott Hinkelman, Senior Software Engineer
> XML Industry Enablement
> IBM e-business Standards Strategy
> 512-823-8097 (TL 793-8097) (Cell: 512-940-0519)
> srh@us.ibm.com, Fax: 512-838-1074
>
> Farrukh Najmi <Farrukh.Najmi@east.sun.com> on 12/01/2000 12:04:27 PM
>
> To:   "Munter, Joel D" <joel.d.munter@intel.com>
> cc:   "'Prasad Yendluri'" <pyendluri@webmethods.com>,
>       ebxml-regrep@lists.ebxml.org
> Subject:  Re: Priorities for Vancouver POC
>
> I strongly agree with Prasad. Ad hoc queries will make our Registry
really
> capable.
>
> My priority is:
>
> 1. Ad hoc query.
> 2. Basic Authentication and Authorization
>
> --
>
> Regards,
> Farrukh
>
> "Munter, Joel D" wrote:
>
> > reply:
> >
> > I strongly disagree. I believe that there are many issues yet to be
dealt
> > with that are heavily dependent upon a well designed and specified
> security
> > model.  e.g., We have yet to address the security aspects of
> "distributed"
> > registry/repository.  Security must be specified and worked sooner
rather
> > than later.
> >
> > In direct contrast, I believe that Ad Hoc query can easily be added
> later.
> >
> > Joel
> >
> > -----Original Message-----
> > From: Prasad Yendluri [mailto:pyendluri@webmethods.com]
> > Sent: Thursday, November 30, 2000 2:06 PM
> > To: ebxml-regrep@lists.ebxml.org
> > Subject: Re: Priorities for Vancouver POC
> >
> > Farrukh,
> >
> > IMHO security (authetication or authorization) is a well understood
> aspect
> > and will easily fall in place anytime.  Enriching the "registry"
> > capabilities should be a priority. Hence I would vote for ad hoc
query
> > capability
> >
> > Thanks, Prasad
> >
> > Farrukh Najmi wrote:
> >
> > > In today's POC con call today I was asked to gather input from the
> > > Registry team on our priorities for Registry functionality that
should
> > > be implemented and shown for Vancouver. The one guideline we must
bear
> > > in mind is that any functionality that we suggest for POC must be
> > > speced.
> > >
> > > According to our phased delivery plan developed at Tokyo, we have
the
> > > following new functionality planned for our specs for Release 1
> > > (Vancouver time frame):
> > >
> > > -Registry security (authentication and authorization)
> > > -Ad hoc query capability
> > >
> > > Please share your sense of priorities for what Registry
functionality
> > > should be implemented and shown for the Vancouver POC. Please
indicate
> > > priority (1 being highre priority than 2).
> > >
> > > --
> > > Regards,
> > > Farrukh
>
> --
> Regards,
> Farrukh

--
Regards,
Farrukh




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Search: Match: Sort by:
Words: | Help


Powered by eList eXpress LLC