- From: Mark Baker <distobj@acm.org>
- Date: Thu, 25 Nov 2004 00:30:47 -0500
- To: public-ws-addressing@w3.org
+1, well said Rich. It all boils down to self-description and visibility. On Wed, Nov 24, 2004 at 07:09:59PM -0500, Rich Salz wrote: > > > What I don't understand is why you think that just because WS-A includes > > as part of its > > processing model the echoing of EPR props/params as SOAP headers that > > makes it somehow special with regards > > to the security model and its application to outbound messages. > > Because it just is. Honest, it really is. > > Don't think of it as echoing, think of it as promotion. No other > generic composible specification does this. Every other spec makes > it clear, through standard use of XML, what it is. Therefore it > is easy to express a security policy, implement it, and verify it. > > Since addressing information is now put as header elements that > are indistinguishable from any other header elements, then you > cannot reliably secure them, you cannot express a policy that says > how they should be secured, and even if you could, the set of > headers to be affected not only varies per-message-type, but > per message instance. > > IT makes it *much* harder to provide end-to-send security of message > headers. Without close coupling and clumsy policy expression, it's > impossible. Mark. -- Mark Baker. Ottawa, Ontario, CANADA. http://www.markbaker.ca
Received on Thursday, 25 November 2004 05:28:26 UTC