W3C home > Mailing lists > Public > public-ws-addressing@w3.org > November 2004

RE: Composibility problems with refps

From: Rich Salz <rsalz@datapower.com>
Date: Wed, 24 Nov 2004 17:29:06 -0500 (EST)
To: Christopher B Ferris <chrisfer@us.ibm.com>
cc: David Orchard <dorchard@bea.com>, Francisco Curbera <curbera@us.ibm.com>, Martin Gudgin <mgudgin@microsoft.com>, "public-ws-addressing@w3.org" <public-ws-addressing@w3.org>, "public-ws-addressing-request@w3.org" <public-ws-addressing-request@w3.org>
Message-ID: <Pine.LNX.4.44L0.0411241726480.1909-100000@smtp.datapower.com>

> The "hole" you describe with pipelining applies equally to all SOAP
> headers and the SOAP body as well. It is not constrained to
> ref props/params. I don't understand what the issue is really.

The issue is that WS-Addressing seems to be the only spec (that I know of;
so many specs, so little time), that essentially rewrites things so that
data is now "generic" SOAP header blocks.

As I have tried to show in two (soon to be three) notes, this makes
end-to-end security of WS-Addressing information effectively impossible to
achieve using the current SOAP binding mechanism.  I think that's bad.

	/r$

-- 
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html
Received on Wednesday, 24 November 2004 22:29:07 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:35:00 GMT