RE: Security Question

> -----Original Message-----
> From: Ugo Corda [mailto:UCorda@SeeBeyond.com]
> Sent: Tuesday, August 06, 2002 1:47 PM
> To: 'Mark Baker'; Cutler, Roger (RogerCutler)
> Cc: www-ws-arch@w3.org
> Subject: RE: Security Question
> 
> 
> By the way, the latest decision of the WS-I Basic Profile in 
> this area is to
> require PSVI evaluation on the receiving side. (But it is still rather
> controversial within the working group).

Hmm, since the type information defined in a schema is part of the PSVI and
not the InfoSet, I guess my suggestion to not rely on the PSVI in a web
service was not well thought through ... still, I think the security
implications of default and fixed attribute values is something that we may
want to address.

Also, this reminds me that we need to think about this WG's relationship
with the WS-I.  I suspect that most of our companies are WS-I members, so
we'll have access to information about their deliberations, but we need to
be careful about whatever confidentiality guidelines WS-I may impose.  I
[personally, not wearing chair hat] think that we need to "harvest" WS-I
conclusions/recommendations and either a) endorse them; b) note caveats that
may make them less relevant in the future; or c) counter them if we really
think they are not in the best interest of the overall web/web services
architecture in the long run.

Received on Tuesday, 6 August 2002 15:58:32 UTC