[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: Security Proposal
Chris, Thanks for the support. I will look thru your proposals. Let us work together with Sid/Hatem et al to get a decent Vancouver security POC proposal, covering the engineering aspects, which will help us to show the security and get some infrastructure experience. Just as a question, I assume there will be a security proposal out of the London f2f - even a preliminary one is fine. This way we can start the POC work and then finally rally with a TRP proposal at the Vancouver conf. cheers Chris/Dale/Dick, can you send me your thoughts on the regrep security proposal ? It is at http://lists.ebxml.org/archives/ebxml-regrep/200012/msg00033.html -----Original Message----- From: christopher ferris [mailto:chris.ferris@east.sun.com] Sent: Thursday, December 14, 2000 1:26 PM To: Krishna Sankar Cc: ebxml-poc@lists.ebxml.org; Maryann Hondo; Moberg, Dale; Dick Brooks Subject: Re: Security Proposal Krishna, During today's TR&P con-call, it was agreed that Dale Moberg (S/MIME sign/encrypt payload), Dick Brooks (PGP/MIME sign/encrypt payload) and I (XMLDSIG sign header and/or payload) would have draft proposals published before the next con-call (21-Dec). I encourage those of you who are interested in participating in the security aspects of the next POC review and provide feedback on these proposals as they are submitted as they MUST be finalized during our (TR&P) London f2f in early January. If you peruse the ebxml-ta-security mail archives, you should find at least Dale's and my initial-rough-draft proposals. Dick only signed up today to do the PGP/MIME proposal. Note that the MIME-based payload proposals are "application" sign/encrypt, not MSH. Only the XMLDSIG proposal is actually handled within the MSH proper (signing and signature verification). I look forward to working with you all on this critical aspect of our work. Cheers, Chris Krishna Sankar wrote: > > Hi all, > > We need to have a placeholder for a security proposal. The aim of the > proposal is to : > > 1. Show TRP security > 2. Show Registry Security > 3. Develop competency in Security Infrastructure - CAs, Certificates etc > > I saw interest from the following participants: > > Hatem, Sid, Krishna, Dale (?), Philippe (?), Mark (?) > > For the Vancouver, we can get away with a technology only implementation > (with out any marketing spin). We desperately need the experience with CAs, > certificates etc so that future POCs (like London et al) could show POCs > with marketing spin. > > As the TRP folks are working hard, we can assume that there will be a TRP > security specification - which has enough details for us to we can work on. > This is a slightly a leap of faith as we might have to start making some > assumptions and make corrections as we move forward - which we are good at > doing, anyway. > > Does it make sense ? > > Hatem/Sid should we get together on a conf call to make a first cut at this > ? > > Nick, do you have any comments ? > > cheers > > Also, if you all can read thru the Registry security sepcifications and > give feedback, it would help. I am trying to get as much feedback as I can.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC