- From: Martin Gudgin <mgudgin@microsoft.com>
- Date: Mon, 22 Nov 2004 11:19:01 -0800
- To: "Hugo Haas" <hugo@w3.org>
- Cc: "Glen Daniels" <gdaniels@sonicsoftware.com>, <public-ws-addressing@w3.org>
> -----Original Message----- > From: Hugo Haas [mailto:hugo@w3.org] > Sent: 22 November 2004 18:07 > To: Martin Gudgin > Cc: Glen Daniels; public-ws-addressing@w3.org > Subject: Re: ISSUE 8 : "Clarity and Safety" > > * Martin Gudgin <mgudgin@microsoft.com> [2004-11-22 07:02-0800] > > > The WS-Addressing submission states that reference properties and > > > parameters are "assumed to be opaque to consuming applications". > > > > > > In these conditions, how can I decide whether I like them or not? > > > > The same way you decide whether or not you like a URI? > > There's a slight difference though: you know that the destination URI > is an identifier for the destination, whereas reference properties > could be abused by making you insert XML that does additional > processing which looks like it's been requested by the service client. Whereas URIs are never abused to send people to a 'non-obvious' site... I was just trying to address a problem other people had been positing. It's not a problem for me because I'll only trust EPRs signed by certain parties. And I'll trust that those parties are giving me the correct URI and RefProps/Params. > > > The fact that some XML can be assumed to be opaque does not preclude > > someone from making decisions based on aspects of that XML. > People have > > posited that they might have reasons for not wanting to use certain > > reference property/parameter elements. If this is the case, > then they > > need to *not* treat the data as opaque and rather use > whatever criteria > > they choose to deterimine whether the data does or does not > fit those > > criteria. > > I think that it's weird to define them as opaque and then, in the > yet-to-be-written security portion of our spec, advice people not to > treat those as opaque, especially as this XML could really be > anything. I think they are as opaque as URIs. I can treat a URI as opaque, indeed, as a user of URIs I am encouraged to do so. However, I often inspect a particular URI and choose not to follow it based on information I glean from such inspection. Gudge > > Cheers, > > Hugo > > -- > Hugo Haas - W3C > mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ >
Received on Monday, 22 November 2004 19:19:35 UTC