- From: Marc Hadley <Marc.Hadley@Sun.COM>
- Date: Wed, 11 May 2005 09:20:49 -0400
- To: public-ws-addressing-comments@w3.org
The "security model" in WS-Addressing Core and SOAP Binding amounts to little more than 'only process WS-Addr constructs from sources you trust'. Such advice is practically useless in the real world of services deployed on the internet. In line with its charter to deliver "A security model for using and communicating these abstract properties.", the WG needs to produce: (i) a much more detailed analysis of the security threats inherent in WS-Addressing and countermeasures to protect against them (ii) if trust forms the foundation for processing of WS-Addressing constructs then the WG must, at a minimum, deliver an interoperable mechanism for establishment of such trust. Marc. --- Marc Hadley <marc.hadley at sun.com> Business Alliances, CTO Office, Sun Microsystems.
Received on Wednesday, 11 May 2005 13:21:04 UTC