Re: Minutes of the Web Services Addressing / TAG joint meeting

> "underlying" protocol such as HTTP.  Duplication has serious downsides,
> but also some advantages, and may be a reasonable compromise in some
> cases, perhaps this one.

There is no way to get end-to-end security on HTTP headers.  Put another
way, while I can sign a wsa:To element, there is no way (at least not
standard way; there might be a private shcme I don't know about)
to sign the URL in the POST command.

	/r$
-- 
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html

Received on Friday, 4 March 2005 15:48:03 UTC