W3C home > Mailing lists > Public > public-ws-addressing@w3.org > November 2004

Re: Composibility problems with refps

From: Rich Salz <rsalz@datapower.com>
Date: Tue, 23 Nov 2004 13:55:51 -0500
Message-ID: <41A387B7.1010101@datapower.com>
To: David Orchard <dorchard@bea.com>
CC: public-ws-addressing@w3.org

>  In the
> pipeline model that lots of vendors offer, it's pretty simple to insert
> a ref property well before the signing/encrypting code is applied.  Most
> of the stuff I've seen out of vendors seems to indicate that security
> happens at the touch points to the network - the last node on outbound
> and first node on inbound messages.

I  represent a vendor that provides arguably the most extreme case of 
this -- a physically separate network device.  By the time it gets to 
us, it's already SOAP (usually).  So the ref property is inserted before 
the crypto happens, but there's no sharing of things like Infoset or 
config files.

Moving things out of an endpoint reference into separate SOAP headers 
will require the kind of close coupling that WS folks tend to avoid.

Just foreshadowing where I stand on issue 8 :)

	/r$

-- 
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html
Received on Tuesday, 23 November 2004 18:48:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:34:59 GMT