Re: XML protocol security

From: Michael Condry <Michael.Condry@eng.sun.com>
Date: Wed, 17 May 2000 08:07:20 -0700
Message-Id: <200005170605.e4H65Kh203524@jurassic.eng.sun.com>
To: "Wesley M. Felter" <wesf@cs.utexas.edu>, <xml-dist-app@w3.org>

Yes, and when we have the XML protocol virus that
ships out all the VISA cards it receives then
we will really worry about it.

>Here are my three thoughts about security:
>
>Since most of the protocols discussed on this list let users define new
>interfaces (i.e. they're really meta-protocols), there's no way to ensure
>that all interfaces are designed with security in mind.
>
>Even if a protocol is secure, that doesn't ensure that implementations are
>secure. It seems to me that most security problems I've heard of were
>implementation problems rather than protocol problems.
>
>With those two sobering thoughts out of the way, what are people's
>security needs? It's not enough to say that "foo is not secure", since
>security is not one thing. I would expect an XML protocol to provide
>authentication, integrity, and privacy; is there anything else that I'm
>forgetting? Is a separation of authentication from authorization
>desirable?
>
>Wesley Felter - wesf@cs.utexas.edu - http://www.cs.utexas.edu/users/wesf/
>
Received on Wednesday, 17 May 2000 02:05:42 GMT