As per Relevance of the word services, we have this rfc below:

Network Working Group G. Bossert
Request for Comments: 2084 S. Cooper
Category: Informational Silicon Graphics Inc.
W. Drummond
IEEE, Inc.
January 1997


Considerations for Web Transaction Security

Status of this Memo

This memo provides information for the Internet community. This memo
does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.

Abstract

This document specifies the requirements for the provision of
security services to the HyperText Transport Protocol. These
services include confidentiality, integrity, user authentication, and
authentication of servers/services, including proxied or gatewayed
services. Such services may be provided as extensions to HTTP, or as
an encapsulating security protocol. Secondary requirements include
ease of integration and support of multiple mechanisms for
these services.

1. Introduction

The use of the HyperText Transport Protocol [1] to provide
specialized or commercial services and personal or private
necessitates the development of secure versions that include
and authentication services. Such services may be provided as
extensions to HTTP, or as encapsulating security protocols; for the
purposes of this document, all such enhancements will be referred to
as WTS.

In this document, we specify the requirements for WTS, with the
intent of codifying perceived Internet-wide needs, along with
existing practice, in a way that aids in the evaluation and
development of such protocols.

WTS is an enhancement to an object transport protocol. As such, it
does not provide independent certification of documents or other
objects outside of the scope of the transfer of said objects. In
addition, security at the WTS layer is independent of and orthogonal
to security services provided at underlying network layers. It is
envisioned that WTS may coexist in a single transaction with such
mechanisms, each providing security services at the
level, with at worst some redundancy of service.

1.1 Terminology

The following terms have specific meaning in the context of this
document. The HTTP specification [1] defines additional
terms.

Transaction:
A complete HTTP action, consisting of a request from the
client and a response from the server.

Gatewayed Service:
A service accessed, via HTTP or an alternate protocol, by the
HTTP server on behalf of the client.

Mechanism:
A specific implementation of a protocol or related subset of
features of a protocol.

2. General Requirements

WTS must define the following services. These services must be
provided independently of each other and support the needs of
and

o Confidentiality of the HTTP request and/or response.
o Data origin authentication and data integrity of the HTTP request
  and/or response.
o Non-repudiability of origin for the request and/or response.
o Transmission freshness of request and/or response.
o Ease of integration with other features of HTTP.
o Support of multiple mechanisms for the above services.

3. Confidentiality

WTS must be able to provide confidentiality for both requests and
responses. Note: because the identity of the object being requested
is potentially sensitive, the URI of the request should be
confidential; this is particularly critical in the common case of
form data or other user input being passed in the URI.

4. Service Authentication

WTS should support the authentication of gatewayed services to the
client.

WTS should support the authentication of the origin HTTP server or
gatewayed services regardless of intermediary proxy or
servers.

To allow user privacy, WTS must support service authentication with
user anonymity.

Because the identity of the object being requested is potentially
sensitive, service authentication should occur before any part of the
request, including the URI of the requested object, is passed. In
cases where the authentication process depends on the URI (or other
header data) of the request, such as gatewayed services, the
necessary information to identify the entity to be authenticated
should be passed.

5. User Authentication

WTS must support the authentication of the client to the server.

WTS should support the authentication of the client to gatewayed
services.

WTS should support the authentication of the client to the origin
HTTP server regardless of intermediary proxy servers.

6. Integrity

WTS must provide assurance of the integrity of the HTTP transaction,
including the HTTP headers and data objects of both client requests
and server responses.
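
Added example (not part of RFC 2084, which states requirements and defines no mechanism): a Python illustration of the integrity and freshness requirements from sections 2 and 6, using an HMAC-SHA256 over the request line, headers and body together with a timestamp and a nonce. The X-WTS-* header names, the shared key and the 300-second window are assumptions made for this illustration; a shared-key MAC gives neither confidentiality nor non-repudiation.

```python
import hashlib
import hmac

MAX_SKEW = 300  # seconds a message stays fresh (assumed policy value)

def canonical(method, uri, headers, body):
    """Serialize everything the MAC must cover: request line, headers, body."""
    # HTTP header names are case-insensitive, so normalize before sorting.
    fields = sorted((k.lower(), v.strip()) for k, v in headers.items())
    head = [f"{method} {uri}"] + [f"{k}:{v}" for k, v in fields]
    return "\n".join(head).encode() + b"\n\n" + body

def protect(key, method, uri, headers, body, nonce, now):
    """Add a timestamp, a nonce and a MAC computed over the whole request."""
    signed = {**headers, "X-WTS-Time": str(now), "X-WTS-Nonce": nonce}
    mac = hmac.new(key, canonical(method, uri, signed, body), hashlib.sha256)
    return {**signed, "X-WTS-MAC": mac.hexdigest()}

def verify(key, method, uri, headers, body, seen_nonces, now):
    """Return "ok", or the name of the requirement the message fails."""
    signed = {k: v for k, v in headers.items() if k != "X-WTS-MAC"}
    mac = hmac.new(key, canonical(method, uri, signed, body), hashlib.sha256)
    if not hmac.compare_digest(mac.hexdigest(), headers.get("X-WTS-MAC", "")):
        return "integrity"
    # Time and nonce are only trusted after the MAC over them has verified.
    if abs(now - int(signed["X-WTS-Time"])) > MAX_SKEW:
        return "freshness"
    if signed["X-WTS-Nonce"] in seen_nonces:
        return "freshness"  # replay inside the time window
    seen_nonces.add(signed["X-WTS-Nonce"])
    return "ok"

def demo():
    """Run constructed requests through verify() and collect the verdicts."""
    key = b"constructed-demo-key"
    hdrs = {"Host": "shop.example", "Content-Type": "text/plain"}
    body = b"item=42&qty=1"
    sent = protect(key, "POST", "/order", hdrs, body, "n-001", now=1000)
    seen = set()
    changed = {**sent, "Host": "h2.example"}
    return {
        "first": verify(key, "POST", "/order", sent, body, seen, 1010),
        "replay": verify(key, "POST", "/order", sent, body, seen, 1020),
        "stale": verify(key, "POST", "/order", sent, body, set(), 2000),
        "uri": verify(key, "POST", "/order?x=1", sent, body, set(), 1010),
        "header": verify(key, "POST", "/order", changed, body, set(), 1010),
    }
```

Because the URI and every header are inside the MAC, a change to either is reported the same way as a change to the body.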

7. Integration

In order to support integration with current and future versions of
HTTP, and to provide extendibility and independence of development,
the secure services provided by WTS must be orthogonal to and
independent of other services provided by HTTP.

In accordance with the layered model of network protocols, WTS
be

o independent of the content or nature of data objects being
  transported although special attention to reference integrity of
  hyperlinked objects may be

o implementable over a variety of connection schemes and
  underlying transport

8. Multiple Mechanisms

WTS must be compatible with multiple mechanisms for authentication
and encryption. Support for multiple mechanisms is required for a
number of reasons:

o Accommodation of variations in site policies, including those
  due to external restrictions on the availability of
  cryptographic technologies.

o Support for a variety of applications and gatewayed services.

o Support for parallel implementations within and across
  administrative domains.

o Accommodation of application-specific performance/
  tradeoffs.

To allow interoperability across domains, and to support the
transition to new/upgraded mechanisms, WTS should provide
of authentication and encryption mechanisms.

References

[1] Berners-Lee, T., Fielding, R., and H. Frystyk Nielsen,
"Hypertext Transfer Protocol -- HTTP/1.0", RFC 1945,
May 1996.

[2] G. Bossert, S. Cooper, W. Drummond. "Requirements of Secure
Object Transfer Protocols", Work in Progress
security/draft
draft-rutgers-sotp-requirements-00.txt>, March 1995.

The revision history of this document can be located



Acknowledgments

This document is a product of the IETF WTS working group. The
working group uses the wts-wg@postofc.corp.sgi.com mailing list for
discussion. The subscription address is
wts-wg-request@postofc.corp.sgi.com.

Eric Rescorla of Terisa provided valuable
on an early draft of a document called "Requirements of Secure Object
Transfer" [2], a principal influence on this document.

Security Considerations

As noted above

Authors' Addresses

Greg Bossert
Silicon Graphics, Inc. MS 15-7
2011 North Shoreline Blvd
Mountain View, CA 94043-1389

EMail: bossert@corp.sgi.

Simon Cooper
Silicon Graphics, Inc. MS 15-7
2011 North Shoreline Blvd
Mountain View, CA 94043-1389

EMail: sc@corp.sgi.

Walt Drummond
Institute of Electrical and Electronics Engineers, Inc
445 Hoes
Piscataway, NJ 08855-1331

Phone: 908-562-6545
Fax: 908-562-1727
EMail: drummond@ieee.