OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-regrep message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: ebXML Registry Security Proposal

Attachment added this time.

<Farrukh.Najmi@east.sun.com> wrote:
>Date: Wed, 06 Dec 2000 23:21:24 -0500
>Attached is a slide presentation that reflects the current state of the
>proposal for ebXML Registry security. It reflects joint work between Krishna,
>Steve Hanna and myself.
>This proposal was presented to the ebXML Security
>team's f2f meeting today. The security team felt that the proposal was pretty
>close to what is needed for a minimal yet effective Release 1 solution and
>one that fits well with teh works of the security team.
>On the issue of whether we can only rely on Certificate based authentication 
>and not do userid/password based authentication the feelking was that it was
>a good idea because it provide a more secure solution in which content could
>be traced to its submitter more reliably. The model adds small cost to SO
>(less than $50 per year), and provides more trustworthy content to the majority
>of users of the registry who are simply browsing and retrieving content. So
>from a security standpoint it is a good compromise. However, it was suggested
>that the Registry team validate that it is OK to not do userid/password. IMHO,
>should at the very least push userid/password to pahse 2 or better just leave
>it out all together. 
>Please send your thoughts as we will need to add this proposal to the spec in
>next few weeks. 


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Search: Match: Sort by:
Words: | Help

Powered by eList eXpress LLC