OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-poc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: Security Proposal


	Thanks for the support. I will look thru your proposals. Let us work
together with Sid/Hatem et al to get a decent Vancouver security POC
proposal, covering the engineering aspects, which will help us to show the
security and get some infrastructure experience.

	Just as a question, I assume there will be a security proposal out of the
London f2f - even a preliminary one is fine. This way we can start the POC
work and then finally rally with a TRP proposal at the Vancouver conf.


	Chris/Dale/Dick, can you send me your thoughts on the regrep security
proposal ? It is at

-----Original Message-----
From: christopher ferris [mailto:chris.ferris@east.sun.com]
Sent: Thursday, December 14, 2000 1:26 PM
To: Krishna Sankar
Cc: ebxml-poc@lists.ebxml.org; Maryann Hondo; Moberg, Dale; Dick Brooks
Subject: Re: Security Proposal


During today's TR&P con-call, it was agreed that Dale Moberg
(S/MIME sign/encrypt payload), Dick Brooks (PGP/MIME sign/encrypt
payload) and I (XMLDSIG sign header and/or payload) would have
draft proposals published before the next con-call (21-Dec).

I encourage those of you who are interested in participating
in the security aspects of the next POC review and provide
feedback on these proposals as they are submitted as they MUST
be finalized during our (TR&P) London f2f in early January.

If you peruse the ebxml-ta-security mail archives, you should find
at least Dale's and my initial-rough-draft proposals. Dick only
signed up today to do the PGP/MIME proposal.

Note that the MIME-based payload proposals are "application"
sign/encrypt, not MSH. Only the XMLDSIG proposal is actually
handled within the MSH proper (signing and signature verification).

I look forward to working with you all on this critical aspect
of our work.



Krishna Sankar wrote:
> Hi all,
>         We need to have a placeholder for a security proposal. The aim of
> proposal is to :
>                 1.      Show TRP security
>                 2.      Show Registry Security
>                 3.      Develop competency in Security Infrastructure -
CAs, Certificates etc
>         I saw interest from the following participants:
>         Hatem, Sid, Krishna, Dale (?), Philippe (?), Mark (?)
>         For the Vancouver, we can get away with a technology only
> (with out any marketing spin). We desperately need the experience with
> certificates etc so that future POCs (like London et al) could show POCs
> with marketing spin.
>         As the TRP folks are working hard, we can assume that there will
be a TRP
> security specification - which has enough details for us to we can work
> This is a slightly a leap of faith as we might have to start making some
> assumptions and make corrections as we move forward - which we are good at
> doing, anyway.
>         Does it make sense ?
>         Hatem/Sid should we get together on a conf call to make a first
cut at this
> ?
>         Nick, do you have any comments ?
>         cheers
>         Also, if you all can read thru the Registry security
sepcifications and
> give feedback, it would help. I am trying to get as much feedback as I

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Search: Match: Sort by:
Words: | Help

Powered by eList eXpress LLC