W3C home > Mailing lists > Public > public-ws-addressing-comments@w3.org > May 2005

LC Comment (Core and SOAP): Security model is insufficient

From: Marc Hadley <Marc.Hadley@Sun.COM>
Date: Wed, 11 May 2005 09:20:49 -0400
To: public-ws-addressing-comments@w3.org
Message-id: <65874421cd3baba2a69ebb8cf74ae074@Sun.COM>

The "security model" in WS-Addressing Core and SOAP Binding amounts to 
little more than 'only process WS-Addr constructs from sources you 
trust'. Such advice is practically useless in the real world of 
services deployed on the internet.

In line with its charter to deliver "A security model for using and 
communicating these abstract properties.", the WG needs to produce:

(i) a much more detailed analysis of the security threats inherent in 
WS-Addressing and countermeasures to protect against them

(ii) if trust forms the foundation for processing of WS-Addressing 
constructs then the WG must, at a minimum, deliver an interoperable 
mechanism for establishment of such trust.

Marc.

---
Marc Hadley <marc.hadley at sun.com>
Business Alliances, CTO Office, Sun Microsystems.
Received on Wednesday, 11 May 2005 13:21:04 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:19:38 GMT