RE: Security Discussion: Changed Agenda: Teleconference : 12/21/200012:30-4pm CDT : RIM discussion follow-up

[Krishna Sankar <ksankar@cisco.com>]

Yep, we have the security services group by OASIS and Chris is right saying
that we should work with that group - I have expressed my interest in
participating. As far as I know the S2ML does address some parts and we
could extend the result of the OASIS working group.

The question is, what do we do for Release 1 ? Especially as the registry
requires authentication and sigining of content.

cheers

> -----Original Message-----
> From: christopher ferris [mailto:chris.ferris@east.sun.com]
> Sent: Wednesday, December 20, 2000 12:26 PM
> To: Nieman, Scott
> Cc: 'ebxml-regrep@lists.ebxml.org'; 'ebxml-stc@lists.ebxml.org';
> ebxml-ta-security@lists.ebxml.org
> Subject: Re: Security Discussion: Changed Agenda: Teleconference :
> 12/21/200 012:30-4pm CDT : RIM discussion follow-up
>
>
> Scott,
>
> When the S2ML initiative was announced, people asked if it
> overlapped with the work being done at ebXML.
>
> The correct, IMHO, answer at that time was: S2ML defines security
> services for authentication and authorization that can be carried
> over any protocol (e.g. SOAP, XP, ebXML). The OASIS TC formed will
> be focused on this very set of services.
>
> Defining an ebXML Security Service(s) at this time would be, IMHO,
> doing exactly what S2ML was perceived (incorrectly) of doing...
> entering a space which is already being addressed by experts in
> the field in an OPEN forum (OASIS).
>
> Now, given that security IS important for RR and that it is currently
> being defined in TR&P, BP, TP and TA (as an overarching architectural
> view
> of the works of the other teams), I think that we should be taking
> a close look at what is being defined before launching into yet another
> specification initiative at this late date in the process.
>
> >From my point of view, RR is simply a specialized business process.
> If the needs of RR are not being addressed by the BP, TP and TR&P
> specification offerings, then we need to think our work through
> more carefully and fill in any gaps that may exist.
>
> Please, let's not start up yet another splinter group to tackle
> an issue that MAY already be addressed within the groups
> already focused on security. If anything, the work MUST be
> tightly coordinated with the other efforts working on security.
>
> Please DO keep in mind that once you start down this path, the
> next phase you enter will be PKI, and I don't think you want to
> go there.
>
> My $0.02,
>
> Chris
> "Nieman, Scott" wrote:
> >
> > To follow-up regarding the StC conversation today, I would like
> to invite
> > Rik, Marty, Sid, Nick and anyone else to join the scheduled RR
> > teleconference tomorrow, to discuss a potential need for a
> separate ebXML
> > Security Service, specifically to handle authentication, encryption, and
> > decryption needs.   Messages and payloads could be processed
> through this
> > service.
> >
> > RR is concerned about overlap, and general architectural
> issues.  At this
> > time, RR is specifying this functionality, however, this
> functionality is
> > also required for normal B2B.  Specifying a single Security
> Service would
> > enable RR to focus on role-based authorizations, integrity, etc.
> >
> > I would like this discussion to last no more than one hour, with that
> > discussion to be the first topic.
> >
> > Scott
> >
> > -----Original Message-----
> > From: Nieman, Scott [mailto:Scott.Nieman@NorstanConsulting.com]
> > Sent: Tuesday, December 19, 2000 4:35 PM
> > To: 'ebxml-regrep@lists.ebxml.org'
> > Subject: Teleconference : 12/21/2000 12:30-4pm CDT : RIM discussion
> > follo w-up
> >
> > Meeting Date: 12/21/2000
> > Meeting Time: 12:30-4pm CDT (please note CDT)
> >
> > The dialup information is:
> > USA: 800.892.0357
> > Sorry no toll-free for International callers: usa 612.352.7899
> > Meeting ID #8186
> > 25 locations setup
> >
> > Agenda: Review the RIM updates based on input from 12/19 telcon.
> >
> > Please read the document prior to the call.
> >
> > Regards,
> >
> > Scott
>