W3C home > Mailing lists > Public > www-ws-arch@w3.org > June 2002

RE: SOAP Confidentiality and Integrity: Next Step?

From: Joseph Hui <Joseph.Hui@exodus.net>
Date: Wed, 19 Jun 2002 20:18:06 -0700
Message-ID: <45258A4365C6B24A9832BFE224837D5523BBBF@SJDCEX01.int.exodus.net>
To: "Joseph Hui" <Joseph.Hui@exodus.net>, "David Orchard" <dorchard@bea.com>, <reagle@w3.org>, "Krishna Sankar" <ksankar@cisco.com>
Cc: <www-ws-arch@w3.org>

Correction (in square brackets) to my last message in this thread:

   One is always certainly [entitled] to one's own opinion,
   but not one's own facts.

Thanks,

Joe Hui
Exodus, a Cable & Wireless service
==========================================
> -----Original Message-----
> From: Joseph Hui 
> Sent: Wednesday, June 19, 2002 7:28 PM
> To: David Orchard; reagle@w3.org; Krishna Sankar
> Cc: www-ws-arch@w3.org
> Subject: RE: SOAP Confidentiality and Integrity: Next Step?
> 
> 
> 
> As the security champion, I do not buy the observations Dave made.
> 
> > From: David Orchard [mailto:dorchard@bea.com]
> > Sent: Wednesday, June 19, 2002 1:19 PM
> [snip]
> > On to more of a personal opinion...
> [snip]
> > So I'm certainly disappointed that we've been going for over 
> > 4 months, and
> > we haven't talked about a single specific security 
> requirement (like:
> > encrypt attachments, entire messages only, soap bodies? 
> which kinds of
> > authentication tokens to support?  Should there be a 
> > processing model for
> > encryption/signing described and interchanged? etc.).
> 
> One is always certainly to one's own opinion, but not one's own facts.
> The facts are we've got an entire set of WS security requirements,
> of which most are now beyond the draft status, and there were many
> security threads where live and informed discussions were conducted.
> (The www-ws-arh mail archive is all there for everybody that's
> interested to check.)
>  
> > At some point, if the group does not want to move quickly on 
> > an area, that's
> > it's choice (whether explict or not) and part of the price of 
> > consensus.
> > Analogies of pushing rope come to mind ;-)
> 
> There were valid opinions expressed by both camps on the issue,
> backed by sound reasoning.  It wasn't one camp's fault that 
> the other had failed to establish a convincing argument.
> (Again, anyone is welcome to check the public mail archive to
> verify the facts in this regard.)
>  
> > I hope this helps with an understanding of where the ws-arch 
> > group is wrt
> > security, and as well as some personal observations on how we 
> > got to where we are.
> 
> Not at all, because the observations weren't backed by facts.
> 
> Checking the mail archive, one should find that the participants
> in security discourses were at the forefront of taking initiatives
> in driving the process along.  With that, one may observe standards
> forums are not where one holds one's breath.  That's just due
> process, C'est la vie, ..., whatever, not something many (if 
> not all) of us would personally like to see ideally.
> How wonderful it would be if we could just shove our thoughts
> into a microwave oven and out came the consensus and specs! :-)
> Finally, I'd observe that: it'd be most unfortunate if we let
> ourselves be frustrated by the due process, and then be tempted
> by frustration into foolishness that may be construed (or
> misconstrued) as badmouthing one another in public, before
> badmouthing is necessary.
> 
> Cheers,
> 
> Joe Hui
> Exodus, a Cable & Wireless service
> =======================================================
> > 
> > Cheers,
> > Dave
> > 
> > [1] 
http://lists.w3.org/Archives/Public/www-ws-arch/2002Mar/0172.html
> [2] http://lists.w3.org/Archives/Public/www-ws-arch/2002Mar/0300.html
> [3] http://lists.w3.org/Archives/Public/www-ws-arch/2002May/0097.html
> 
> 
Received on Wednesday, 19 June 2002 23:17:25 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:25:00 GMT