- From: Champion, Mike <Mike.Champion@SoftwareAG-USA.com>
- Date: Thu, 9 Jan 2003 13:30:10 -0700
- To: www-ws-arch@w3.org
> -----Original Message----- > From: Mark Baker [mailto:distobj@acm.org] > Sent: Thursday, January 09, 2003 3:12 PM > To: Champion, Mike > Cc: www-ws-arch@w3.org > Subject: Re: Summing up on visibility(?) > > > You want to have that discussion again? 8-) XML is just syntax. > There's nothing in XML+namespaces that a firewall can use to make a > security decision. It needs application level knowledge (see the > message to Miles). Whatever. All I know is that every day I see another article in the trade press about this; today's is http://www.networkmagazine.com/article/NMG20021223S0005 I presume that admins can configure the firewall to reject all messages they don't recognize the application semantics of, and use various rules to control the processing of messages they do recognize. Roy's quote says nothing about using only HTTP headers to monitor, cache, etc. the information. If an intermediary understands XML and SOAP, in can be configured to use XPath or whatever to peek into messages and make such decisions. Thus, *XML* allows "visibility".
Received on Thursday, 9 January 2003 15:30:45 UTC