[ogsa-wg] Comments wrt Secure Channel 1.0 Profile
Von Welch
vwelch at ncsa.uiuc.edu
Fri Oct 7 05:39:02 CDT 2005
Two nits, one general comment. - Von
Section 3.2.1: I find it odd that while for message-level security
encryption is mandated, it's not for TLS (as I read the BSP-1.0
document, it's optional). Is this intentional or is encryption
assumed with TLS?
General comment: In part the above comment comes from the fact that
the document doesn't clarify what a "secure channel" is. At the
architectural level, what does the use of this profile provide? It
seems to be the intention that it is a channel has authentication,
privacy and integrity attributes, but that is only implied.
R0312, R0313, R0314, R0315, R0316: "When using Message Level
Security..." This phrase seems confusing since many of the instances
discussed don't actually occur at the time messages are being sent. I
would suggest "In order to support Message Level Security..."
More information about the ogsa-wg
mailing list