
RE: Visibility (was Re: Introducing the Service Oriented Architectural style, and it's constraints and properties.

From: Assaf Arkin <arkin@intalio.com>
Date: Tue, 25 Feb 2003 12:47:10 -0800
To: "Cutler, Roger (RogerCutler)" <RogerCutler@chevrontexaco.com>, "Champion, Mike" <Mike.Champion@SoftwareAG-USA.com>, <www-ws-arch@w3.org>
Message-ID: <IGEJLEPAJBPHKACOOKHNAEAPDEAA.arkin@intalio.com>



> -----Original Message-----
> From: www-ws-arch-request@w3.org [mailto:www-ws-arch-request@w3.org]On
> Behalf Of Cutler, Roger (RogerCutler)
> Sent: Tuesday, February 25, 2003 9:37 AM
> To: Champion, Mike; www-ws-arch@w3.org
> Subject: RE: Visibility (was Re: Introducing the Service Oriented
> Architectural style, and it's constraints and properties.
> 
> 
> 
> OK, since you are appealing to me, I will cheerfully set myself up:
> 
> I think that putting just about anything in the URLs would be frowned
> upon very seriously by the people concerned about security, at least
> those that I am familiar with.  To heck with the identity of the user --
> the nature of the service itself would probably be considered sensitive.
> For example, if we send out 1000 HTTP messages to the same URL, with the
> nature of the operation encrypted in the body of the message (BUY, SELL,
> QUOTE PRICE, etc) I don't think there is much problem.  But if we send
> 250 to http://BUY and 300 to http://SELL and so on, I think that in
> itself would be considered unacceptable.  OK, so maybe if A is dealing
> with X, then they previously agree that http://abra means BUY -- and for
> B dealing with X they agree that http://cadabra means BUY -- maybe
> that's OK in terms of security (I don't really know), but it sure
> doesn't look very late bound or, in fact, very different from encrypting
> the BUY in the message.  I pass on whether that approach would be
> RESTful.

+1

arkin
Received on Tuesday, 25 February 2003 15:48:42 GMT
