W3C home > Mailing lists > Public > www-tag@w3.org > October 2006

RE: New draft TAG finding - Passwords in the Clear

From: <noah_mendelsohn@us.ibm.com>
Date: Fri, 6 Oct 2006 23:05:26 -0400
To: "Rice, Ed (ProCurve)" <ed.rice@hp.com>
Cc: "Paul Cotton" <Paul.Cotton@microsoft.com>, Vincent.Quint@inrialpes.fr, www-tag@w3.org, www-tag-request@w3.org
Message-ID: <OF8E0D3D44.24C3CD5D-ON852571FF.0063EC6F-85257200.0010FC7D@lotus.com> 

Ed Rice writes:

> I had assumed that since SOAP uses HTTP and HTTPS that the 
> relationship was implied. 

I hope it's clear that Web Services only sometimes uses SOAP + HTTPS as 
its security mechanism.  HTTPS is fine, if used carefully, for the one hop 
connection-level security that it provides.  I think Paul is pointing out 
that Web Services Security provides complementary mechanisms that secure 
messages at a higher level, and that perhaps these should be considered 
for at least a brief mention as a point of comparison.

Noah

--------------------------------------
Noah Mendelsohn 
IBM Corporation
One Rogers Street
Cambridge, MA 02142
1-617-693-4036
--------------------------------------
Received on Saturday, 7 October 2006 03:05:45 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 12 September 2008 07:02:12 GMT