RE: Security Question from Cutler, Roger (RogerCutler) on 2002-08-06 (www-ws-arch@w3.org from August 2002)

From: Cutler, Roger (RogerCutler) <RogerCutler@ChevronTexaco.com>
Date: Tue, 6 Aug 2002 11:25:46 -0700
To: "'Champion, Mike'" <Mike.Champion@SoftwareAG-USA.com>, www-ws-arch@w3.org
Message-ID: <7FCB5A9F010AAE419A79A54B44F3718E7C9580@bocnte2k3.boc.chevrontexaco.net>

+1

I posted the question originally in the hopes that something like this would
result.  I like the MAY and SHOULD stuff here.

-----Original Message-----
From: Champion, Mike [mailto:Mike.Champion@SoftwareAG-USA.com] 
Sent: Tuesday, August 06, 2002 12:45 PM
To: www-ws-arch@w3.org
Subject: RE: Security Question

-----Original Message-----
From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
Sent: Tuesday, August 06, 2002 1:19 PM
To: 'Mark Baker'; Cutler, Roger (RogerCutler)
Cc: www-ws-arch@w3.org
Subject: RE: Security Question

the most practical approach, which is currently happening, is for industry
consortia to establish standards for the syntax and semantics of common
transactions in their industry. By making use of these standards, it should
be possible to avoid a semantic misunderstanding (deliberate or not). A
party who claims to have reason to use semantics which are contrary to the
established standards for the relevant industry will face a very difficult
burden of proof.

This is a very useful thread.  Picking up on Hal's point, I'd like to see
specific suggestions for what the WSA document should say about this issue.

- What section should it be in?  Some sort of "General principles of using
XML in web services payloads maybe?"  Then we can talk about SOAP's
philosophy about DTDs and PIs, this general point about potential security
threats from the actions that schema processors could perform?  We might
also mention in this section that it is not possible to use W3C DTDs or
Schemas to fully validate an XML message against the SOAP 1.1 or 1.2 specs
because there is no way to disallow processing instructions, Doctype
references or DTD internal subsets via any current schema language.

- What is the implication for the architecture itself?  I'm not sure ...does
anyone think that this needs to be in the domain of any future working
group?  

- What's the implication for Best Practice?  My personal, humble opinion is
something like "One MAY use W3C XML Schemas for validating the payload   of
a web services message, but one SHOULD NOT rely on anything in the PSVI that
is not in the raw InfoSet representation."  

- Others?

Received on Tuesday, 6 August 2002 14:26:28 UTC