- From: Rich Salz <rsalz@datapower.com>
- Date: Wed, 24 Nov 2004 17:29:06 -0500 (EST)
- To: Christopher B Ferris <chrisfer@us.ibm.com>
- cc: David Orchard <dorchard@bea.com>, Francisco Curbera <curbera@us.ibm.com>, Martin Gudgin <mgudgin@microsoft.com>, "public-ws-addressing@w3.org" <public-ws-addressing@w3.org>, "public-ws-addressing-request@w3.org" <public-ws-addressing-request@w3.org>
> The "hole" you describe with pipelining applies equally to all SOAP > headers and the SOAP body as well. It is not constrained to > ref props/params. I don't understand what the issue is really. The issue is that WS-Addressing seems to be the only spec (that I know of; so many specs, so little time), that essentially rewrites things so that data is now "generic" SOAP header blocks. As I have tried to show in two (soon to be three) notes, this makes end-to-end security of WS-Addressing information effectively impossible to achieve using the current SOAP binding mechanism. I think that's bad. /r$ -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
Received on Wednesday, 24 November 2004 22:29:07 UTC