> I guess it depends on the content. Normally when you use a SOAP
> intermediary you would have your SSL connection with the intermediary if
> you're concerned about the validity of the content. That way the
> intermediary becomes a trusted source (and it in-turn would have to have
> a trust relationship with the up-stream author of the content).

That strikes me as turning an architectural limitation into a feature.

If I sign my content, I don't have to trust a SOAP intermediary to do anything more than its business. If that intermediary gets compromised, *my* content won't get screwed up. (Choicepoint, anyone?)

You don't trust every router that might touch your TCP packets, do you? Of course not -- that's why you use SSL. Why is the SOAP situation any different?

I want end-to-end security, not hop-by-hop. I'm not alone. :)

/r$

--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html

Received on Tuesday, 8 March 2005 01:18:00 GMT