OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-poc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: Security Proposal


During today's TR&P con-call, it was agreed that Dale Moberg
(S/MIME sign/encrypt payload), Dick Brooks (PGP/MIME sign/encrypt
payload) and I (XMLDSIG sign header and/or payload) would have
draft proposals published before the next con-call (21-Dec).

I encourage those of you who are interested in participating
in the security aspects of the next POC review and provide
feedback on these proposals as they are submitted as they MUST
be finalized during our (TR&P) London f2f in early January.

If you peruse the ebxml-ta-security mail archives, you should find
at least Dale's and my initial-rough-draft proposals. Dick only
signed up today to do the PGP/MIME proposal.

Note that the MIME-based payload proposals are "application"
sign/encrypt, not MSH. Only the XMLDSIG proposal is actually
handled within the MSH proper (signing and signature verification).

I look forward to working with you all on this critical aspect
of our work.



Krishna Sankar wrote:
> Hi all,
>         We need to have a placeholder for a security proposal. The aim of the
> proposal is to :
>                 1.      Show TRP security
>                 2.      Show Registry Security
>                 3.      Develop competency in Security Infrastructure - CAs, Certificates etc
>         I saw interest from the following participants:
>         Hatem, Sid, Krishna, Dale (?), Philippe (?), Mark (?)
>         For the Vancouver, we can get away with a technology only implementation
> (with out any marketing spin). We desperately need the experience with CAs,
> certificates etc so that future POCs (like London et al) could show POCs
> with marketing spin.
>         As the TRP folks are working hard, we can assume that there will be a TRP
> security specification - which has enough details for us to we can work on.
> This is a slightly a leap of faith as we might have to start making some
> assumptions and make corrections as we move forward - which we are good at
> doing, anyway.
>         Does it make sense ?
>         Hatem/Sid should we get together on a conf call to make a first cut at this
> ?
>         Nick, do you have any comments ?
>         cheers
>         Also, if you all can read thru the Registry security sepcifications and
> give feedback, it would help. I am trying to get as much feedback as I can.
org:Sun Microsystems, Inc;XTC Advanced Development
title:Sr. Staff Engineer
fn:Christopher Ferris

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Search: Match: Sort by:
Words: | Help

Powered by eList eXpress LLC