- From: Rich Salz <rsalz@datapower.com>
- Date: Sun, 13 Mar 2005 10:56:23 -0500 (EST)
- To: "Srinivas, Davanum M" <Davanum.Srinivas@ca.com>
- cc: "public-ws-addressing@w3.org" <public-ws-addressing@w3.org>
> Question #1: If we add the wsa:Security, will it make it automatically
> usable with current toolkits? (or) will it just show everyone how to
> implement this (if they read our spec and make changes to their existing
> toolkits)?
It will make the simple things -- signature validation, for example --
much more likely to "just work." I do not have a lot of experience with a
wide variety of WS-Security toolkits (some folks consider us competition
:), but I have seen some that assume that *all* security work is in the
WS-Security header.
It will *not* make the trust issues -- the thing I mentioned as the "key
paragraph" automatic.
> Question #2: Are there changes we can make that will make this scenario
> work with existing toolkits? (i guess not, if it were you would not have
> had to write this long email. right? :)
I don't know of any toolkit that "just does this." I'm not sure
it's possible. Even if there were, however, I think it's worthwhile
for this WG to understand some of the issues involved, as most of the
people here aren't actively involved in that part of things, as far as
I can tell.
At the risk of hubris, I'd really like to see what I wrote become
the basis of something official that comes out of this WG.
/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
Received on Sunday, 13 March 2005 15:56:26 UTC