W3C home > Mailing lists > Public > xml-dist-app@w3.org > May 2000

Re: XML protocol security

From: Justin Chapweske <justin@cyrus.net>
Date: Thu, 18 May 2000 14:26:25 -0500
Message-ID: <392443E1.B7881C24@cyrus.net>
To: Adi Oltean <aoltean@Exchange.Microsoft.com>
CC: xml-dist-app@w3.org
Excellent points adi, but I wonder if we can't have both.  I seriously
doubt that anyone is going to want to sacrifice SOAP's simplicity to add
object references and a strong security model, but there needs to be a
realization from all of the SOAP advocates that this is a designed
limitation.  The reason I say this is because if SOAP becomes as popular
as many think it will, and it has weaknesses, then the SOAP enthusaists
need to be able to swallow their pride and recommend stronger
solutions.  One of these stronger solutions may very well be a SOAP
extension to add capabilities and object references, which leads to my
question:

Does SOAP's implementation simplicity hold as much value once SOAP has
been widely deployed and robust tools have been developed for it?  The
simplicity is a very strong feature for the early adoption of this
technology, but as it becomes more mature are we going to be willing to
trade off simplicity for stronger security guarentees?  If the feeling
is that we would be likely to make some trade-offs, then people should
consider very carefully the migration path that will need to be taken
from the current SOAP to SOAP-FAT in the future...

Hope this gets people to throw some food at each other....

-- 
Justin Chapweske - Noodler, Cyrus Intersoft
http://www.cyrusintersoft.com/
Received on Thursday, 18 May 2000 15:30:31 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:58:56 GMT