W3C home > Mailing lists > Public > public-ws-addressing@w3.org > November 2004

RE: Composibility problems with refps

From: Rich Salz <rsalz@datapower.com>
Date: Tue, 23 Nov 2004 09:27:16 -0500 (EST)
To: chrisfer@us.ibm.com
cc: "public-ws-addressing@w3.org" <public-ws-addressing@w3.org>
Message-ID: <Pine.LNX.4.44L0.0411230921560.32147-100000@smtp.datapower.com>

> I'm more sensitive to the issue 8 concern about ref props/params being
> duplicates of user headers, particularly a security hole that allows a
> hacker to put a bad RefP into the EPR, ie
> <SendAssetsToGrandCayman amount="all" fromacct="chris" toacct="hacker"/>

I need to better understand your concerns.  Is this an accurate summary?
You think EPR/WS-xxx conflicts are unlikely because the server will
knowingly avoid WS-xxx qnames.  You are worried about EPR/client conflicts
because of possible qname conflicts with other user headers.

The "confusion" conflict can be solved in two ways: either use actor/role,
like I wrote in email yesterday, or the server can (should?) make sure any
EPRs are in a namespace it can control.

The "interjection" concern can be solved in the same ways that servers
currently protect cookies.

What am I missing?
	/r$
-- 
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html
Received on Tuesday, 23 November 2004 14:27:20 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:34:59 GMT