Subject: RE: Security checkup
---------------------- Forwarded by Scott Hinkelman/Austin/IBM on 03/06/2001 01:57 PM --------------------------- Scott Hinkelman 03/06/2001 01:43 PM To: "Nieman, Scott" <Scott.Nieman@NorstanConsulting.com> cc: From: Scott Hinkelman/Austin/IBM@IBMUS Subject: RE: Security checkup (Document link: Scott Hinkelman) Scott, I refer to 2) below. Sure, I think it could be a sepserate document. Are they 'common processes' ? If Registry SSs can be defined, In several ways it would seem to lift discussion of security issues from the Reg Service spec by just indicating the security abstractions in the Registry SSs. I assume someplace the SS security abstractions down to the realizations will be defined from the Security team............ thoughts? Scott Hinkelman, Senior Software Engineer XML Industry Enablement IBM e-business Standards Strategy 512-823-8097 (TL 793-8097) (Cell: 512-940-0519) srh@us.ibm.com, Fax: 512-838-1074 "Nieman, Scott" <Scott.Nieman@NorstanConsulting.com> on 03/05/2001 04:54:19 PM To: Scott Hinkelman/Austin/IBM@IBMUS, ebxml-regrep@lists.ebxml.org cc: Subject: RE: Security checkup >>for all ebXML Registry Specification Schemas I am assuming that you are referring to the BP Specification Schema (SS) below, however, in what "context" are you applying this term. I see two views on this: 1) a business retrieving another business' SS from a registry, 2) a SS reflecting the collaboration between a registry client and the registry service. If #2, don't you think that this could be put in a separate document? This detail WAS targeted for the Part 2 document in the EARLIEST days of this project team, focusing on use case realizations (collaborations) and the dynamics (activity diagrams/ state machines) of the usage of a registry. In toyko, one team was editing the Business Domain (old-part1 document) and it was suggested that these collaborations be detailed in this specification for a future revision - perhaps AFTER the 18 month project period. The thought of doing this in POC is intriguing though. Scott -----Original Message----- From: Scott Hinkelman [mailto:srh@us.ibm.com] Sent: Monday, March 05, 2001 2:39 PM To: ebxml-regrep@lists.ebxml.org Subject: Security checkup Hi, Section 9 of Registry Services .85 outlines security. From what I read, I have this comment: Section 9.2.1 could be renamed to "Payload Signature" and condensed to simply indicate that the payload will be signed for all ebXML Registry Specification Schemas, and the appropriate course-grained indicator will be asigned within each Specification Schema. This could then be referenced to the (new ?) section that defines the Registry Specification Schemas. Are there any other open issues from the Registry team concerning Security? I believe it best to identify any, get closure, and let the Security team review section 9. Scott Hinkelman, Senior Software Engineer XML Industry Enablement IBM e-business Standards Strategy 512-823-8097 (TL 793-8097) (Cell: 512-940-0519) srh@us.ibm.com, Fax: 512-838-1074
Powered by
eList eXpress LLC