Re: How secure is XForms? from pandey_arvind@extenprise.net on 2003-10-09 (www-forms@w3.org from October 2003)

From: <pandey_arvind@extenprise.net>
Date: Thu, 9 Oct 2003 23:57:21 +0530 (IST)
To: <www-forms@w3.org>, <XForms@yahoogroups.com>
Message-ID: <61723.64.214.210.1.1065724041.squirrel@dns.extenprise.net>

This answer may illustrate my ignorance more than knowledge.
But, as a vendor who has a XForm Wizard for automatically
generating XForms and a platform for integrating them with
other components such as web services or java applications,
business rules engine, data transformation maps etc to build
an application, here is $0.02 worth of expanded Questions:

a) What am I exposing when I am exposing when exposing an
   XForm to outside world? Data Model, GUI widgets, event
   handler names,...? How different is that from exposing
   a html page with servlets, jsps etc?

b) How secure are access to event handlers, which basically
   link my back-end application to presentation layer? What
   kinds of security frameworks do they support?

c) Is my data model really proprietary or public? What is
   my application need? Is the vocabulary of my web service
   that handles my Xform events public or private?

At least I will look at these sub-questions? We have built
some business applications using XForms, and I have taken
an incremental approach to how I leverage Xforms I presume.
But I do not see that I have provided any less security than
my earlier classical J2EE architecture.

But it could be that I am missing something...And if this
response violates some netiquettes of this newsgroup I
apologies in advance (which also explains my fear of posting)

Regards
Arvind Pandey
Founder & CEO, Extenprise Inc.
"seamless integration of extended enterprise"
http://www.extenprise.net




> I would like to pose a question that I first asked many months ago, "How
>  secure is XForms?" I didn't find the answers given at the time totally
> compelling.
>
> Particularly for potential business users of XForms it seems to me a
> fundamental question.
>
> What is the best, most complete answer that the XForms WG or XForms tool
>  vendors care to put forward to provide reassurance on this point?
>
> Andrew Watt
> <A
> HREF="http://www.tfosorcim.org/blog">http://www.tfosorciM.org/blog</A> -
> "Reflecting on Microsoft"

Received on Thursday, 9 October 2003 13:37:32 UTC