Re: HTTP based async request-response from Rich Salz on 2005-02-03 (public-ws-async-tf@w3.org from February 2005)

From: Rich Salz <rsalz@datapower.com>
Date: Thu, 03 Feb 2005 11:43:44 -0500
To: Marc Hadley <Marc.Hadley@Sun.COM>
CC: "public-ws-async-tf@w3.org" <public-ws-async-tf@w3.org>
Message-ID: <420254C0.5010203@datapower.com>

>> How can I be sure that the client doing the "new GET" is in fact the same
>> as the first client who did the original POST?
> 
> 
> I don't think you can be sure. You can generate sufficiently unique URI 
> for the redirect to ensure that clients won't stumble on each others 
> responses by mistake and you can use HTTPS to hide the redirects from 
> snoopers.

I'll take "security considerations for 10, Alex" :)

	/r$

-- 
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

Received on Thursday, 3 February 2005 16:43:27 UTC