- From: Champion, Mike <Mike.Champion@SoftwareAG-USA.com>
- Date: Tue, 6 Aug 2002 12:59:44 -0600
- To: www-ws-arch@w3.org
> -----Original Message----- > From: Ugo Corda [mailto:UCorda@SeeBeyond.com] > Sent: Tuesday, August 06, 2002 1:47 PM > To: 'Mark Baker'; Cutler, Roger (RogerCutler) > Cc: www-ws-arch@w3.org > Subject: RE: Security Question > > > By the way, the latest decision of the WS-I Basic Profile in > this area is to > require PSVI evaluation on the receiving side. (But it is still rather > controversial within the working group). Hmm, since the type information defined in a schema is part of the PSVI and not the InfoSet, I guess my suggestion to not rely on the PSVI in a web service was not well thought through ... still, I think the security implications of default and fixed attribute values is something that we may want to address. Also, this reminds me that we need to think about this WG's relationship with the WS-I. I suspect that most of our companies are WS-I members, so we'll have access to information about their deliberations, but we need to be careful about whatever confidentiality guidelines WS-I may impose. I [personally, not wearing chair hat] think that we need to "harvest" WS-I conclusions/recommendations and either a) endorse them; b) note caveats that may make them less relevant in the future; or c) counter them if we really think they are not in the best interest of the overall web/web services architecture in the long run.
Received on Tuesday, 6 August 2002 15:58:32 UTC