Yes, and when we have the XML protocol virus that ships out all the VISA cards it recieves then we will really worry about it. >Here are my three thoughts about security: > >Since most of the protocols discussed on this list let users define new >interfaces (i.e. they're really meta-protocols), there's no way to ensure >that all interfaces are designed with security in mind. > >Even if a protocol is secure, that doesn't ensure that implementations are >secure. It seems to me that most security problems I've heard of were >implementation problems rather than protocol problems. > >With those two sobering thoughts out of the way, what are people's >security needs? It's not enough to say that "foo is not secure", since >security is not one thing. I would expect an XML protocol to provide >authentication, integrity, and privacy; is there anything else that I'm >forgetting? Is a separation of authentication from authorization >desirable? > >Wesley Felter - wesf@cs.utexas.edu - http://www.cs.utexas.edu/users/wesf/ >Received on Wednesday, 17 May 2000 02:05:42 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:41:40 GMT