W3C home > Mailing lists > Public > www-tag@w3.org > March 2005

Re: Minutes of the Web Services Addressing / TAG joint meeting

From: Rich Salz <rsalz@datapower.com>
Date: Fri, 4 Mar 2005 10:46:59 -0500 (EST)
To: "noah_mendelsohn@us.ibm.com" <noah_mendelsohn@us.ibm.com>
cc: Mark Baker <distobj@acm.org>, "public-ws-addressing@w3.org" <public-ws-addressing@w3.org>, "www-tag@w3.org" <www-tag@w3.org>
Message-ID: <Pine.LNX.4.44L0.0503041045320.22906-100000@smtp.datapower.com> 

> "underlying" protocol such as HTTP.  Duplication has serious downsides,
> but also some advantages, and may be a reasonable compromise in some
> cases, perhaps this one.

There is no way to get end-to-end security on HTTP headers.  Put another
way, while I can sign a wsa:To element, there is no way (at least not
standard way; there might be a private shcme I don't know about)
to sign the URL in the POST command.

	/r$
-- 
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
Received on Friday, 4 March 2005 15:48:07 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:47:33 GMT