W3C home > Mailing lists > Public > public-ws-addressing@w3.org > November 2004

Re: Composibility problems with refps

From: Mark Baker <distobj@acm.org>
Date: Thu, 25 Nov 2004 00:30:47 -0500
To: public-ws-addressing@w3.org
Message-ID: <20041125053047.GX8237@markbaker.ca>

+1, well said Rich.  It all boils down to self-description and
visibility.

On Wed, Nov 24, 2004 at 07:09:59PM -0500, Rich Salz wrote:
> 
> > What I don't understand is why you think that just because WS-A includes
> > as part of its
> > processing model the echoing of EPR props/params as SOAP headers that
> > makes it somehow special with regards
> > to the security model and its application to outbound messages.
> 
> Because it just is.  Honest, it really is.
> 
> Don't think of it as echoing, think of it as promotion.  No other
> generic composible specification does this.  Every other spec makes
> it clear, through standard use of XML, what it is.  Therefore it
> is easy to express a security policy, implement it, and verify it.
> 
> Since addressing information is now put as header elements that
> are indistinguishable from any other header elements, then you
> cannot reliably secure them, you cannot express a policy that says
> how they should be secured, and even if you could, the set of
> headers to be affected not only varies per-message-type, but
> per message instance.
> 
> IT makes it *much* harder to provide end-to-send security of message
> headers.  Without close coupling and clumsy policy expression, it's
> impossible.

Mark.
-- 
Mark Baker.   Ottawa, Ontario, CANADA.        http://www.markbaker.ca
Received on Thursday, 25 November 2004 05:28:26 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:35:00 GMT