
Re: Draft registration of application/soap+xml

From: Mark Nottingham <mnot@mnot.net>
Date: Fri, 4 Jan 2002 14:43:16 -0800
To: Mark Baker <distobj@acm.org>
Cc: Rich Salz <rsalz@zolera.com>, xml-dist-app@w3.org
Message-ID: <20020104144316.A30252@mnot.net>

Perhaps we'd avoid some confusion if we split Security Considerations
up into traditional concerns (confidentiality, integrity,
authentication, authorisation, etc.) and these other concerns (as
it's a fairly unique application framework that can be overlaid onto
other application-layer protocols).

Something like 

3. Security Considerations

3.1 SOAP-Specific Security Considerations

3.2 Use of SOAP with Substrate Protocols

3.2.1 Tunnelled

3.2.2 Non-Tunneled

On Fri, Jan 04, 2002 at 05:16:54PM -0500, Mark Baker wrote:
> > Ah, got it.
> Excellent!
> >  My perception "Security Considerations" usually refers to 
> > issues within the thing being defined, and (much) less so its 
> > implications on others.  For example, "the password could be exposed," 
> > and not "this may result in arbitrary code being executed in your 
> > webserver." :)
> You're absolutely right that security considerations usually refers to
> those things (MarkN said the same thing to me), but I felt that this
> topic was the most important security consideration for using SOAP.
> Firewall admins are going to want to know whether they should trust
> application/soap+xml content, so I want us to be frank about the
> implications of it.
> > I think sec3 is wrongly-oriented, but don't (yet) have alternative text 
> > to propose.
> Then put on your thinkin' cap!  8-) I'm open to any and all
> suggestions to improve on it.  But I hope you agree that discussing
> what I explained to you is an important topic.
> MB
> -- 
> Mark Baker, Chief Science Officer, Planetfred, Inc.
> Ottawa, Ontario, CANADA.      mbaker@planetfred.com
> http://www.markbaker.ca   http://www.planetfred.com

Mark Nottingham
Received on Friday, 4 January 2002 17:43:18 UTC
