W3C home > Mailing lists > Public > xml-dist-app@w3.org > May 2000

Re: XML protocol security

From: Michael Condry <Michael.Condry@eng.sun.com>
Date: Tue, 23 May 2000 09:53:49 -0700 (PDT)
Message-Id: <200005231654.e4NGsTh153089@jurassic.eng.sun.com>
To: andrewl@microsoft.com, Michael.Condry@eng.sun.com, xml-dist-app@w3.org, sanjiva@watson.ibm.com
Yes, accept my humble apology. A person, who happend to work
for IBM did a demonstration.

I do not think the point of this thread is a corporate
positioning, but rather to consider areas were 
application level protocols need to expand
its security requirements.  With that, SOAP
and other such protocols will be quite useful.


> *IBM* did not demonstrate anything. An IBM employee (Andrew Donoho) showed an
> example of communicating between two browsers by sharing some parts of the 
> DOM. Either I didn't grok the demo or I personally don't see a SOAP level
> security flaw with what he showed .. it showed that DOM access was what
> browsers were all about and that you could share the DOM between two browsers
> using SOAP as a transport. (He was using a SOAP 1.0 implementation, but I
> don't think that's relevant.)
> 
> What Andrew showed in no way forms an *IBM* position on SOAP security. At
> the same time, neither does this message! I personally think that a security
> layer above SOAP is necessary and useful, however, I disagree that SOAP itself
> is flawed because it doesn't come in with built-in security.
Received on Tuesday, 23 May 2000 12:54:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:58:56 GMT