18 messages in org.oasis-open.lists.egovRE: [egov] Missing Securty: Update Wo...| From | Sent On | Attachments |
|---|---|---|
| Monica J. Martin | Oct 4, 2004 6:45 am |  .pdf |
| Anders Rundgren | Oct 4, 2004 11:22 am | |
| Monica J. Martin | Oct 4, 2004 1:22 pm | |
| Anders Rundgren | Oct 5, 2004 6:27 am | |
| Chiusano Joseph | Oct 5, 2004 6:37 am | |
| Chiusano Joseph | Oct 5, 2004 6:45 am | |
| Anders Rundgren | Oct 5, 2004 7:16 am | |
| Monica J. Martin | Oct 5, 2004 7:21 am | |
| Anders Rundgren | Oct 5, 2004 7:54 am | |
| Chiusano Joseph | Oct 5, 2004 8:04 am | |
| Anders Rundgren | Oct 5, 2004 8:27 am | |
| Monica J. Martin | Oct 5, 2004 8:36 am | |
| Chiusano Joseph | Oct 5, 2004 8:37 am | |
| David RR Webber | Oct 5, 2004 9:56 am | |
| Anders Rundgren | Oct 5, 2004 10:19 am | |
| David RR Webber | Oct 5, 2004 11:03 am | |
| Anders Rundgren | Oct 5, 2004 1:51 pm | |
| David RR Webber | Oct 5, 2004 2:28 pm |
| Subject: | RE: [egov] Missing Securty: Update Working Draft for Workflow Standards | |
|---|---|---|
| From: | Chiusano Joseph (chiu...@bah.com) | |
| Date: | Oct 5, 2004 6:37:09 am | |
| List: | org.oasis-open.lists.egov | |
-----Original Message----- From: Anders Rundgren [mailto:ande...@telia.com] Sent: Monday, October 04, 2004 2:18 PM To: Monica J. Martin; OASIS eGov list Subject: Re: [egov] Missing Securty: Update Working Draft for Workflow Standards
Monica & List. I have some input regarding security standards which seems to be lacking.
You could add WS-Security for example. However, it is also important to note that many pieces still are entirely absent and are not even known targets for standardization. The most obvious deficit is the lack of a method for a user to sign a document/transaction in a browser environment. The only thing I have heard of is XAML that MSFT is putting in Longhorn that unfortunately requires that we all convert to Longhorn.
Anders, you may want to review the SAML Technical Overview document that is available on the SAML home page, if you haven't done so already. There are some use cases there that may satisfy your needs.
All e-govs are currently investing in proprietary signature solutions making inter-agency workflow a local matter and definitely not cross-border.
For those who are interested in security it may be interesting to know that the PKI pioneered by the US federal agencies
Could you perhaps be a bit more specific as to which initiative you are referring to, as there are multiple inititiatives that may fit this description?
is largely incompatible with any kind of workflow system server
IMHO, the concepts of security and workflow should be orthagonal to one another - that is to say that, as I view this, given the current advanced state of digital security and the world of loose coupling, there should not be such a roadblock in "marrying" security and workflow, and there should not be such a strong "dependency" between the two that such an incompatibility would exist. I would, however, be very interested to here more details on why your experience shows that this is the case.
as a concept that is based on using encryption certificates of employees will disable any intermediary service like a purchasing system from reading outgoing messages.
I envision that use of SAML to present a PKI-based security token could solve the problem here.
Kind Regards, Joe Chiusano Booz Allen Hamilton
The governments in northern Europe have therefore defined an entirely different PKI architecture that is compatible with any kind of workflow process.
So maybe you should extend your paper with "missing standards" as well?
Anders Rundgren Consultant e-infrastructure
----- Original Message ----- From: "Monica J. Martin" <Moni...@Sun.COM> To: "OASIS eGov list" <eg...@lists.oasis-open.org> Sent: Monday, October 04, 2004 15:46 Subject: [egov] 10/4/2004: Update Working Draft for Workflow Standards
See attached updated workflow draft. It is important to note that:
* Changes may be forthcoming in WfMC that may complement/change this evaluation, similar to those that occurred in BPMI.org. * New emerging specifications may complement/replace WfMC capabilities. * More information is required to understand the relative importance of the human workflow, the process definition and the conditions and constraints applied (and visible to the enabling processes). * I've not updated any recommendations pending feedback from the eGov team and user community.
I would encourage any feedback as I have not received any to date other than from John Borras (and to complement the great work by eEnvoy). See you in a few! I will upload to eGov site as well. Thank you.
--------------------------------------------------------------
------------------
To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/egov/members/leav e_workgroup.php.
To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/egov/members/leav e_workgroup.php.