[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: ebXML Registry Security Proposal
Attachment added this time. <Farrukh.Najmi@east.sun.com> wrote: >Date: Wed, 06 Dec 2000 23:21:24 -0500 > >Attached is a slide presentation that reflects the current state of the >security >proposal for ebXML Registry security. It reflects joint work between Krishna, >Steve Hanna and myself. > >This proposal was presented to the ebXML Security >team's f2f meeting today. The security team felt that the proposal was pretty >close to what is needed for a minimal yet effective Release 1 solution and >one that fits well with teh works of the security team. > >On the issue of whether we can only rely on Certificate based authentication >and not do userid/password based authentication the feelking was that it was >a good idea because it provide a more secure solution in which content could >be traced to its submitter more reliably. The model adds small cost to SO >(less than $50 per year), and provides more trustworthy content to the majority >of users of the registry who are simply browsing and retrieving content. So >from a security standpoint it is a good compromise. However, it was suggested >that the Registry team validate that it is OK to not do userid/password. IMHO, >we >should at the very least push userid/password to pahse 2 or better just leave >it out all together. > >Please send your thoughts as we will need to add this proposal to the spec in >the >next few weeks. > >-- > >Regards, >Farrukh > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC