3708 2006-09-12 19:39:44 +0000 Updated Security Considerations section in framework document: Add mention of use of XML Signature to sign policy 2006-09-14 17:40:28 +0000 1 1 1 Unclassified WS-Policy Framework FPWD Macintosh All RESOLVED FIXED P2 normal --- 1 w3c w3c public-ws-policy-qa oldest_to_newest 11627 0 w3c 2006-09-12 19:39:44 +0000 Policy may need integrity protection, yet not in the context of a SOAP message. For this reason XML Signature may be used. Mention of use of XML Signature for this purpose can be added to the Framework Security Considerations section of the Framework document. Proposed changes to framework document: 1) Add sentence at end of current section 5 (Security Considerations): Policies may be signed using XML Signature to provide integrity protection and origin authentication, especially in contexts where message security is not appropriate. 2) Incorporate security considerations listed in contributed primer into Framework document See Appendix A in PDF referenced in http://lists.w3.org/Archives/Public/public-ws-policy/2006Jul/0001 11653 1 w3c 2006-09-13 15:01:16 +0000 In template format: Description - Update security considerations section of Framework to include discussion of XML Signature use as well as additional security considerations from Primer Justification - Core document should include informative Securiity Considerations section. Integrity protection and source authentication provided by XML Signature in non-messaging context should be included as consideration. Target - WS-Policy Framework [1] Proposal: 1) Add sentence at end of current section 5 (Security Considerations): Policies may be signed using XML Signature to provide integrity protection and origin authentication, especially in contexts where message security is not appropriate. 2) Incorporate security considerations listed in contributed primer into Framework document. See Appendix A in PDF referenced in http://lists.w3.org/Archives/Public/public-ws-policy/2006Jul/0001 Test: review of section [1] http://dev.w3.org/cvsweb/~checkout~/2006/ws/policy/ws-policy-framework.html?content-type=text/html;%20charset=utf-8 11725 2 w3c 2006-09-14 17:40:28 +0000 Entire proposal adopted as well as decision to remove considerations from primer, adding pointer from primer to Framework security considerations section. Minutes http://www.w3.org/2006/09/14-ws-policy-irc#T17-38-49