- From: Rich Salz <rsalz@datapower.com>
- Date: Tue, 23 Nov 2004 13:55:51 -0500
- To: David Orchard <dorchard@bea.com>
- CC: public-ws-addressing@w3.org
> In the > pipeline model that lots of vendors offer, it's pretty simple to insert > a ref property well before the signing/encrypting code is applied. Most > of the stuff I've seen out of vendors seems to indicate that security > happens at the touch points to the network - the last node on outbound > and first node on inbound messages. I represent a vendor that provides arguably the most extreme case of this -- a physically separate network device. By the time it gets to us, it's already SOAP (usually). So the ref property is inserted before the crypto happens, but there's no sharing of things like Infoset or config files. Moving things out of an endpoint reference into separate SOAP headers will require the kind of close coupling that WS folks tend to avoid. Just foreshadowing where I stand on issue 8 :) /r$ -- Rich Salz, Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
Received on Tuesday, 23 November 2004 18:48:18 UTC