per-entity - Re: [Per-Entity] adding a layer to the security model

Subject: Per-Entity Metadata Working Group

List archive

Re: [Per-Entity] adding a layer to the security model

From: Tom Scavo <>
To: "Cantor, Scott" <>
Cc: Tom Scavo <>, Per-Entity Metadata Working Group <>
Subject: Re: [Per-Entity] adding a layer to the security model
Date: Wed, 21 Sep 2016 12:09:02 -0400
Ironport-phdr: 9a23:cSRo6hbv9Zy6iF5xEawkjiL/LSx+4OfEezUN459isYplN5qZpsW8bnLW6fgltlLVR4KTs6sC0LWG9f27EjVdqb+681k8M7V0HycfjssXmwFySOWkMmbcaMDQUiohAc5ZX0Vk9XzoeWJcGcL5ekGA6ibqtW1aMlzFOAF0PuX4HJLJx4Tyjrjqus6bXwIdzhG0Z691NlH+lg7WqtVcyd9pI6AtzQGP+FNPYPkQyG91cwG9hRH5s/u3+dZY+C1OvLp169RbWqzkeIw5S6BVFjIrLzpz6cH240qQBTCT72cRBz1F2iFDBBLIuVSjBs/8

On Wed, Sep 21, 2016 at 12:05 PM, Cantor, Scott
<>
wrote:
> On 9/21/16, 11:54 AM,
> "
> on behalf of Tom Scavo"
> <
> on behalf of
> >
> wrote:
>
>> ScottC made an intriguing suggestion today, which might be
>> characterized by the following "three layers of security:"
>>
>> 1) Commercial-grade TLS
>> 2) HTTP message signing
>> 3) XML Signature
>>
>> Scott, is that more-or-less what you were thinking?
>
> More along the lines of using content-negotiation to decide between 2 and
> 3, but basically.

Can you describe how content-negotiation might play into this?

Thanks,

Tom

[Per-Entity] adding a layer to the security model, Tom Scavo, 09/21/2016
- Re: [Per-Entity] adding a layer to the security model, Cantor, Scott, 09/21/2016
  - Re: [Per-Entity] adding a layer to the security model, Tom Scavo, 09/21/2016
    - Re: [Per-Entity] adding a layer to the security model, Cantor, Scott, 09/21/2016
      - Re: [Per-Entity] adding a layer to the security model, Tom Scavo, 09/21/2016
        
        Re: [Per-Entity] adding a layer to the security model, Cantor, Scott, 09/21/2016
        
        Re: [Per-Entity] adding a layer to the security model, Nick Roy, 09/21/2016

List archive

Re: [Per-Entity] adding a layer to the security model