- From: Joseph Hui <Joseph.Hui@exodus.net>
- Date: Wed, 19 Jun 2002 19:27:54 -0700
- To: "David Orchard" <dorchard@bea.com>, <reagle@w3.org>, "Krishna Sankar" <ksankar@cisco.com>
- Cc: <www-ws-arch@w3.org>
As the security champion, I do not buy the observations Dave made. > From: David Orchard [mailto:dorchard@bea.com] > Sent: Wednesday, June 19, 2002 1:19 PM [snip] > On to more of a personal opinion... [snip] > So I'm certainly disappointed that we've been going for over > 4 months, and > we haven't talked about a single specific security requirement (like: > encrypt attachments, entire messages only, soap bodies? which kinds of > authentication tokens to support? Should there be a > processing model for > encryption/signing described and interchanged? etc.). One is always certainly to one's own opinion, but not one's own facts. The facts are we've got an entire set of WS security requirements, of which most are now beyond the draft status, and there were many security threads where live and informed discussions were conducted. (The www-ws-arh mail archive is all there for everybody that's interested to check.) > At some point, if the group does not want to move quickly on > an area, that's > it's choice (whether explict or not) and part of the price of > consensus. > Analogies of pushing rope come to mind ;-) There were valid opinions expressed by both camps on the issue, backed by sound reasoning. It wasn't one camp's fault that the other had failed to establish a convincing argument. (Again, anyone is welcome to check the public mail archive to verify the facts in this regard.) > I hope this helps with an understanding of where the ws-arch > group is wrt > security, and as well as some personal observations on how we > got to where we are. Not at all, because the observations weren't backed by facts. Checking the mail archive, one should find that the participants in security discourses were at the forefront of taking initiatives in driving the process along. With that, one may observe standards forums are not where one holds one's breath. That's just due process, C'est la vie, ..., whatever, not something many (if not all) of us would personally like to see ideally. How wonderful it would be if we could just shove our thoughts into a microwave oven and out came the consensus and specs! :-) Finally, I'd observe that: it'd be most unfortunate if we let ourselves be frustrated by the due process, and then be tempted by frustration into foolishness that may be construed (or misconstrued) as badmouthing one another in public, before badmouthing is necessary. Cheers, Joe Hui Exodus, a Cable & Wireless service ======================================================= > > Cheers, > Dave > > [1] http://lists.w3.org/Archives/Public/www-ws-arch/2002Mar/0172.html > [2] http://lists.w3.org/Archives/Public/www-ws-arch/2002Mar/0300.html > [3] http://lists.w3.org/Archives/Public/www-ws-arch/2002May/0097.html > >
Received on Wednesday, 19 June 2002 22:27:13 UTC