W3C home > Mailing lists > Public > public-ws-addressing@w3.org > November 2004

Re: ISSUE 8 : "Clarity and Safety"

From: Hugo Haas <hugo@w3.org>
Date: Mon, 22 Nov 2004 19:07:15 +0100
To: Martin Gudgin <mgudgin@microsoft.com>
Cc: Glen Daniels <gdaniels@sonicsoftware.com>, public-ws-addressing@w3.org
Message-ID: <20041122180715.GJ17580@w3.org>
* Martin Gudgin <mgudgin@microsoft.com> [2004-11-22 07:02-0800]
> > The WS-Addressing submission states that reference properties and
> > parameters are "assumed to be opaque to consuming applications".
> > 
> > In these conditions, how can I decide whether I like them or not?
> 
> The same way you decide whether or not you like a URI?

There's a slight difference though: you know that the destination URI
is an identifier for the destination, whereas reference properties
could be abused by making you insert XML that does additional
processing which looks like it's been requested by the service client.

> The fact that some XML can be assumed to be opaque does not preclude
> someone from making decisions based on aspects of that XML. People have
> posited that they might have reasons for not wanting to use certain
> reference property/parameter elements. If this is the case, then they
> need to *not* treat the data as opaque and rather use whatever criteria
> they choose to deterimine whether the data does or does not fit those
> criteria. 

I think that it's weird to define them as opaque and then, in the
yet-to-be-written security portion of our spec, advice people not to
treat those as opaque, especially as this XML could really be
anything.

Cheers,

Hugo

-- 
Hugo Haas - W3C
mailto:hugo@w3.org - http://www.w3.org/People/Hugo/

Received on Monday, 22 November 2004 18:07:16 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:34:59 GMT