OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-stc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: Security Discussion: Changed Agenda: Teleconference : 12/21/200012:30-4pm CDT : RIM discussion follow-up


Scott,

When the S2ML initiative was announced, people asked if it
overlapped with the work being done at ebXML.

The correct, IMHO, answer at that time was: S2ML defines security
services for authentication and authorization that can be carried
over any protocol (e.g. SOAP, XP, ebXML). The OASIS TC formed will
be focused on this very set of services.

Defining an ebXML Security Service(s) at this time would be, IMHO,
doing exactly what S2ML was perceived (incorrectly) of doing...
entering a space which is already being addressed by experts in
the field in an OPEN forum (OASIS).

Now, given that security IS important for RR and that it is currently
being defined in TR&P, BP, TP and TA (as an overarching architectural
view
of the works of the other teams), I think that we should be taking 
a close look at what is being defined before launching into yet another
specification initiative at this late date in the process.

From my point of view, RR is simply a specialized business process.
If the needs of RR are not being addressed by the BP, TP and TR&P
specification offerings, then we need to think our work through
more carefully and fill in any gaps that may exist.

Please, let's not start up yet another splinter group to tackle
an issue that MAY already be addressed within the groups
already focused on security. If anything, the work MUST be
tightly coordinated with the other efforts working on security.

Please DO keep in mind that once you start down this path, the
next phase you enter will be PKI, and I don't think you want to 
go there.

My $0.02,

Chris
"Nieman, Scott" wrote:
> 
> To follow-up regarding the StC conversation today, I would like to invite
> Rik, Marty, Sid, Nick and anyone else to join the scheduled RR
> teleconference tomorrow, to discuss a potential need for a separate ebXML
> Security Service, specifically to handle authentication, encryption, and
> decryption needs.   Messages and payloads could be processed through this
> service.
> 
> RR is concerned about overlap, and general architectural issues.  At this
> time, RR is specifying this functionality, however, this functionality is
> also required for normal B2B.  Specifying a single Security Service would
> enable RR to focus on role-based authorizations, integrity, etc.
> 
> I would like this discussion to last no more than one hour, with that
> discussion to be the first topic.
> 
> Scott
> 
> -----Original Message-----
> From: Nieman, Scott [mailto:Scott.Nieman@NorstanConsulting.com]
> Sent: Tuesday, December 19, 2000 4:35 PM
> To: 'ebxml-regrep@lists.ebxml.org'
> Subject: Teleconference : 12/21/2000 12:30-4pm CDT : RIM discussion
> follo w-up
> 
> Meeting Date: 12/21/2000
> Meeting Time: 12:30-4pm CDT (please note CDT)
> 
> The dialup information is:
> USA: 800.892.0357
> Sorry no toll-free for International callers: usa 612.352.7899
> Meeting ID #8186
> 25 locations setup
> 
> Agenda: Review the RIM updates based on input from 12/19 telcon.
> 
> Please read the document prior to the call.
> 
> Regards,
> 
> Scott
begin:vcard 
n:Ferris;Christopher
tel;cell:508-667-0402
tel;work:781-442-3063
x-mozilla-html:FALSE
org:Sun Microsystems, Inc;XTC Advanced Development
adr:;;;;;;
version:2.1
email;internet:chris.ferris@east.sun.com
title:Sr. Staff Engineer
fn:Christopher Ferris
end:vcard


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Search: Match: Sort by:
Words: | Help


Powered by eList eXpress LLC