- From: David Hull <dmh@tibco.com>
- Date: Wed, 23 Feb 2005 13:36:16 -0500
- To: public-ws-async-tf@w3.org
- Message-id: <421CCD20.1040600@tibco.com>
A recent thread of discussion on WSA <http://lists.w3.org/Archives/Public/public-ws-addressing/2005Feb/0160.html> discusses the hazards of trusting random EPRs that you may find in a message, for example the reply-to: and fault-to: EPRs. There is a similar issue in notification/eventing, namely how does a NotificationProducer/EventSource know if it should send messages to the NotificationConsumer/EventSink EPR given? In other words, this seems like a particularly async-flavored issue. In the sync world or request/reply, there is an implicit and therefore well-guarded back-channel for delivering replies and such. Security devolves to protecting the request address. We may want to explore to what extent the dynamically-addressed async case is different. I believe there is common ground in that in all cases the service is protecting itself from mischevious clients. Is there a fundamental difference between "I need to make sure that I only honor a request to transfer money if there is proper authorization" and "I need to make sure that I only send messages if there is proper authorization"? If so, what is the difference? If not, how do we capture the commonality? If the major difference between a subscription and an async request reply is cardinality, it would seem that the basic security issues are very similar in the two cases.
Received on Wednesday, 23 February 2005 18:36:48 UTC