- From: Mark Baker <distobj@acm.org>
- Date: Wed, 7 Dec 2005 12:01:20 -0500
- To: "noah_mendelsohn@us.ibm.com" <noah_mendelsohn@us.ibm.com>
- Cc: xml-dist-app@w3.org
Noah, On 12/7/05, noah_mendelsohn@us.ibm.com <noah_mendelsohn@us.ibm.com> wrote: > Mark Baker writes: > > > Unfortunately it's not the role of the service to declare that > > it can be trusted 8-); that's something only the human > > operating the client can decide, because they - not the service > > doing the redirection - have to take responsibility for the > > implications of the unsafe message.... hence the need to > > verify with them. > > I dont' think it's directly the service that says "trust my redirections", Right, but that's what I interpreted Yves to be saying when he wrote; ] However, if you have a description of a service that explicitely says ] "you might get redirected to this set of URIs, and **it is OK**" (emphasis mine) > it's the human who chooses to install "client" software that's configured > to say "if you get a redirect that matches [your favorite predicate > involving ports, endpointrefs, QNames, whatever], then assume that > redirections are to be trusted. If the human chooses to base that > predicate on a reading of the "instruction book" for some particular > service, so be it. That's his or her choice. I think the intent of the > proposed spec text is fine as it stands. Agreed. Mark -- Mark Baker. Ottawa, Ontario, CANADA. http://www.markbaker.ca Coactus; Web-inspired integration strategies http://www.coactus.com
Received on Wednesday, 7 December 2005 17:01:36 UTC