W3C home > Mailing lists > Public > xml-dist-app@w3.org > January 2002

Re: Encryption and the processing model

From: Mark Baker <distobj@acm.org>
Date: Sun, 13 Jan 2002 11:33:00 -0500 (EST)
Message-Id: <200201131633.LAA13276@markbaker.ca>
To: rsalz@zolera.com (Rich Salz)
Cc: david.orchard@bea.com (David Orchard), xml-dist-app@w3.org
> But that's the question, isn't it?  Does SOAP place visibility 
> requirements?  I don't see any discussion of that in the spec.

Well, I think we've been implicitly proceeding assuming that this
information is visible.  To permit encryption of it would require us to
deal with additional cases.  For example, what are the implications on
the end-to-end model if we permit these blobs to be converted into
headers later in the chain?

Personally, I like the end to end model that we've defined, and I'd
be really wary of complicating it by considering those issues without
a clear requirement that we do so.

> In my note I tried to show a sample use where such "blinding" can be 
> useful and financially important.  I would hate to see us rule it out, 
> and would rather we just point out that you might have problems if you 
> do that kind of thing and aren't careful.

Would you mind filling out that example a bit, i.e. what would an
example header name and value be?

Thanks.

MB
-- 
Mark Baker, Chief Science Officer, Planetfred, Inc.
Ottawa, Ontario, CANADA.      mbaker@planetfred.com
http://www.markbaker.ca   http://www.planetfred.com
Received on Sunday, 13 January 2002 11:32:08 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:59:05 GMT