- From: Michael Condry <Michael.Condry@eng.sun.com>
- Date: Tue, 23 May 2000 09:53:49 -0700 (PDT)
- To: andrewl@microsoft.com, Michael.Condry@eng.sun.com, xml-dist-app@w3.org, sanjiva@watson.ibm.com
Yes, accept my humble apology. A person, who happend to work for IBM did a demonstration. I do not think the point of this thread is a corporate positioning, but rather to consider areas were application level protocols need to expand its security requirements. With that, SOAP and other such protocols will be quite useful. > *IBM* did not demonstrate anything. An IBM employee (Andrew Donoho) showed an > example of communicating between two browsers by sharing some parts of the > DOM. Either I didn't grok the demo or I personally don't see a SOAP level > security flaw with what he showed .. it showed that DOM access was what > browsers were all about and that you could share the DOM between two browsers > using SOAP as a transport. (He was using a SOAP 1.0 implementation, but I > don't think that's relevant.) > > What Andrew showed in no way forms an *IBM* position on SOAP security. At > the same time, neither does this message! I personally think that a security > layer above SOAP is necessary and useful, however, I disagree that SOAP itself > is flawed because it doesn't come in with built-in security.
Received on Tuesday, 23 May 2000 12:54:32 UTC