OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-regrep message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: ebXML Registry Security Proposal

Attached is a slide presentation that reflects the current state of the security
proposal for ebXML Registry security. It reflects joint work between Krishna,
Steve Hanna and myself.

This proposal was presented to the ebXML Security
team's f2f meeting today. The security team felt that the proposal was pretty
close to what is needed for a minimal yet effective Release 1 solution and
one that fits well with teh works of the security team.

On the issue of whether we can only rely on Certificate based authentication 
and not do userid/password based authentication the feelking was that it was
a good idea because it provide a more secure solution in which content could
be traced to its submitter more reliably. The model adds small cost to SO
(less than $50 per year), and provides more trustworthy content to the majority
of users of the registry who are simply browsing and retrieving content. So
from a security standpoint it is a good compromise. However, it was suggested
that the Registry team validate that it is OK to not do userid/password. IMHO, we
should at the very least push userid/password to pahse 2 or better just leave
it out all together. 

Please send your thoughts as we will need to add this proposal to the spec in the
next few weeks. 




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Search: Match: Sort by:
Words: | Help

Powered by eList eXpress LLC