W3C home > Mailing lists > Public > www-ws-desc@w3.org > February 2002

DRXXX [was Web Services Description: Requirements]

From: Jeffrey Schlimmer <jeffsch@windows.microsoft.com>
Date: Wed, 13 Feb 2002 15:24:27 -0800
Message-ID: <2E33960095B58E40A4D3345AB9F65EC1054D9247@win-msg-01.wingroup.windeploy.ntdev.microsoft.com>
To: <www-ws-desc@w3.org>
I would love this to be stronger. As the general community becomes more
aware of protocol / implementation attacks, I'd like to see us
collectively rethink the role of the specification in minimizing these.
Just to get people's juices flowing, it might mean we put hard limits in
the spec where we've traditionally left it to an implementation -- "must
fail if larger than n", "must not follow URLs to other domains". Or we
might just strongly recommend that implementations have hard limits
rather than allocate until they run out of memory.

I haven't though really hard about this yet, but I'd love for us to do
so as we move the spec along.

--Jeff

-----Original Message-----
From: David Booth [mailto:dbooth@w3.org] 
Sent: Monday, February 11, 2002 1:01 PM
To: Jeffrey Schlimmer
Cc: www-ws-desc@w3.org
Subject: Re: Web Services Description: Requirements


At 06:11 PM 2/8/2002 -0800, you wrote:
...

>Compliance must not preclude building implementations that are 
>resistant to attacks.

This sounds like a fairly weak requirement.  Can it be stronger?

David Booth
Received on Wednesday, 13 February 2002 18:27:35 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:58:18 GMT