- From: Rich Salz <rsalz@datapower.com>
- Date: Fri, 4 Mar 2005 10:46:59 -0500 (EST)
- To: "noah_mendelsohn@us.ibm.com" <noah_mendelsohn@us.ibm.com>
- cc: Mark Baker <distobj@acm.org>, "public-ws-addressing@w3.org" <public-ws-addressing@w3.org>, "www-tag@w3.org" <www-tag@w3.org>
> "underlying" protocol such as HTTP. Duplication has serious downsides, > but also some advantages, and may be a reasonable compromise in some > cases, perhaps this one. There is no way to get end-to-end security on HTTP headers. Put another way, while I can sign a wsa:To element, there is no way (at least not standard way; there might be a private shcme I don't know about) to sign the URL in the POST command. /r$ -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
Received on Friday, 4 March 2005 15:48:03 UTC