Issue 7970

Bob,

We see some problems with issue 7970 [1] and we share our thoughts
below.

1) Current WS-Eventing is based on a set of well-defined web services
(source, sink, subscriber and subscription manager). If there is some
entity that interacts with WS-Eventing services, it should be either
defined in the spec, or it should be out of scope. This proposal
involves interactions with some entity whose behavior is not defined in
the spec. 

2) By allowing an unknown third-party (instead of event source) to send
notifications to event sink complicates security checks against attacks
to the event sink. For example, IP blocking would not work since the
true notification senders are unknown, even after the subscription. 

3) Current WS-Eventing architecture can handle this use case by having
the event source forward notifications (from other senders) to the
sinks. Therefore, alternative approaches should be treated as
extensions.

Thanks,

- Wu Chou/Li Li, 

[1] http://www.w3.org/Bugs/Public/show_bug.cgi?id=7970
<http://www.w3.org/Bugs/Public/show_bug.cgi?id=7970> 

 
 

Received on Monday, 26 October 2009 14:24:27 UTC