> -----Original Message-----
> From: www-ws-arch-request@w3.org [mailto:www-ws-arch-request@w3.org] On
> Behalf Of Cutler, Roger (RogerCutler)
> Sent: Tuesday, February 25, 2003 9:37 AM
> To: Champion, Mike; www-ws-arch@w3.org
> Subject: RE: Visibility (was Re: Introducing the Service Oriented
> Architectural style, and it's constraints and properties.
>
> OK, since you are appealing to me, I will cheerfully set myself up:
>
> I think that putting just about anything in the URLs would be frowned
> upon very seriously by the people concerned about security, at least
> those that I am familiar with. To heck with the identity of the user --
> the nature of the service itself would probably be considered sensitive.
> For example, if we send out 1000 HTTP messages to the same URL, with the
> nature of the operation encrypted in the body of the message (BUY, SELL,
> QUOTE PRICE, etc) I don't think there is much problem. But if we send
> 250 to http://BUY and 300 to http://SELL and so on, I think that in
> itself would be considered unacceptable. OK, so maybe if A is dealing
> with X, then they previously agree that http://abra means BUY -- and for
> B dealing with X they agree that http://cadabra means BUY -- maybe
> that's OK in terms of security (I don't really know), but it sure
> doesn't look very late bound or, in fact, very different from encrypting
> the BUY in the message. I pass on whether that approach would be
> RESTful.

+1

arkin

Received on Tuesday, 25 February 2003 15:48:42 GMT