Yes, accept my humble apology. A person, who happend to work for IBM did a demonstration. I do not think the point of this thread is a corporate positioning, but rather to consider areas were application level protocols need to expand its security requirements. With that, SOAP and other such protocols will be quite useful. > *IBM* did not demonstrate anything. An IBM employee (Andrew Donoho) showed an > example of communicating between two browsers by sharing some parts of the > DOM. Either I didn't grok the demo or I personally don't see a SOAP level > security flaw with what he showed .. it showed that DOM access was what > browsers were all about and that you could share the DOM between two browsers > using SOAP as a transport. (He was using a SOAP 1.0 implementation, but I > don't think that's relevant.) > > What Andrew showed in no way forms an *IBM* position on SOAP security. At > the same time, neither does this message! I personally think that a security > layer above SOAP is necessary and useful, however, I disagree that SOAP itself > is flawed because it doesn't come in with built-in security.Received on Tuesday, 23 May 2000 12:54:32 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:41:40 GMT