Re: AW: Infinite Loops and webservices

From: David Fraser <dfraser@learningpatterns.com>
Date: Sun, 21 Apr 2002 08:58:10 -0400 (EDT)
Message-ID: <000601c1e933$8e701ac0$0100a8c0@e4p2s1>
To: <www-ws-arch@w3.org>

Yes. I should have been more explicit. My concern is not as narrow as one company ordering widgets from another but rather, as Jens described, large complex evolving dynamic graphs of interconnected webservices. If somewhere a loop emerges in such an instance it could have very nasty effects. There is also the problem that such complex industry-based graphs create a fertile ground for malicious folks. E.g.

Company A has a search mechanism (i.e. no transactions, financial or otherwise, involved) used commonly within an industry ('findCheapestWidgetManufacturer()').

Evil Person A wishes to work havoc in the widget industry.

Evil Person A could create a webservice and deploy it as a decoy widget manufacturer. In reality the webservice calls Company A's search webservice. This would complete a loop that would affect the entire widget industry.

The difference between this situation and Evil Person A just launching a denial-of-service attack in the more traditional sense is that Evil Person A could claim that deep within his/her system Company A's search webservice is dynamically invoked; therefore no malicious intent, just a design glitch. In current distributed systems where the interconnections are more static there is not the same amount of room for plausible deniability as there would be for Evil Person A in the above example.

My two cents.
D.
Received on Monday, 22 April 2002 07:56:05 GMT
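
One way to bound the kind of loop described in the message above, added here as an example and not part of the original post: each call carries the list of services it has already visited (similar in spirit to the HTTP Via header) plus a hop budget, and a service refuses any request that already names it. The classes, the service names and the MAX_HOPS value are assumptions, and the web services are simulated in-process.

```python
MAX_HOPS = 8  # assumed hop budget, comparable to an IP TTL
class LoopDetected(Exception): pass

class Service:
    def __init__(self, name, registry):
        self.name, self.registry = name, registry
        registry[name] = self
    def invoke(self, path=()):
        # 'path' is the tuple of service names this request has already visited.
        if self.name in path:
            raise LoopDetected("cycle: " + " -> ".join(path + (self.name,)))
        if len(path) >= MAX_HOPS:
            raise LoopDetected("hop limit exceeded after " + " -> ".join(path))
        return self.handle(path + (self.name,))

class Manufacturer(Service):
    def __init__(self, name, registry, price):
        super().__init__(name, registry)
        self.price = price
    def handle(self, path):
        return (self.price, self.name)

class Relay(Service):  # answers by invoking another service, as the decoy does
    def __init__(self, name, registry, target):
        super().__init__(name, registry)
        self.target = target
    def handle(self, path):
        return self.registry[self.target].invoke(path)

class Search(Service):
    def __init__(self, name, registry, suppliers):
        super().__init__(name, registry)
        self.suppliers = suppliers
    def handle(self, path):
        quotes, rejected = [], []
        for supplier in self.suppliers:
            try:
                quotes.append(self.registry[supplier].invoke(path))
            except LoopDetected as err:  # drop the looping supplier, keep the rest
                rejected.append((supplier, str(err)))
        return min(quotes, default=None), rejected

def demo():
    reg = {}  # constructed sample graph; every name here is hypothetical
    Manufacturer("acme", reg, 12)
    Manufacturer("bolt", reg, 9)
    Relay("decoy", reg, "company-a-search")
    search = Search("company-a-search", reg, ["acme", "decoy", "bolt"])
    return search.invoke()
```

The path only helps when every hop forwards it unchanged; a service that drops it defeats the check, so the search endpoint still needs its own per-caller limits.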