- From: Joseph Hui <Joseph.Hui@exodus.net>
- Date: Wed, 19 Jun 2002 20:18:06 -0700
- To: "Joseph Hui" <Joseph.Hui@exodus.net>, "David Orchard" <dorchard@bea.com>, <reagle@w3.org>, "Krishna Sankar" <ksankar@cisco.com>
- Cc: <www-ws-arch@w3.org>
Correction (in square brackets) to my last message in this thread: One is always certainly [entitled] to one's own opinion, but not one's own facts. Thanks, Joe Hui Exodus, a Cable & Wireless service ========================================== > -----Original Message----- > From: Joseph Hui > Sent: Wednesday, June 19, 2002 7:28 PM > To: David Orchard; reagle@w3.org; Krishna Sankar > Cc: www-ws-arch@w3.org > Subject: RE: SOAP Confidentiality and Integrity: Next Step? > > > > As the security champion, I do not buy the observations Dave made. > > > From: David Orchard [mailto:dorchard@bea.com] > > Sent: Wednesday, June 19, 2002 1:19 PM > [snip] > > On to more of a personal opinion... > [snip] > > So I'm certainly disappointed that we've been going for over > > 4 months, and > > we haven't talked about a single specific security > requirement (like: > > encrypt attachments, entire messages only, soap bodies? > which kinds of > > authentication tokens to support? Should there be a > > processing model for > > encryption/signing described and interchanged? etc.). > > One is always certainly to one's own opinion, but not one's own facts. > The facts are we've got an entire set of WS security requirements, > of which most are now beyond the draft status, and there were many > security threads where live and informed discussions were conducted. > (The www-ws-arh mail archive is all there for everybody that's > interested to check.) > > > At some point, if the group does not want to move quickly on > > an area, that's > > it's choice (whether explict or not) and part of the price of > > consensus. > > Analogies of pushing rope come to mind ;-) > > There were valid opinions expressed by both camps on the issue, > backed by sound reasoning. It wasn't one camp's fault that > the other had failed to establish a convincing argument. > (Again, anyone is welcome to check the public mail archive to > verify the facts in this regard.) > > > I hope this helps with an understanding of where the ws-arch > > group is wrt > > security, and as well as some personal observations on how we > > got to where we are. > > Not at all, because the observations weren't backed by facts. > > Checking the mail archive, one should find that the participants > in security discourses were at the forefront of taking initiatives > in driving the process along. With that, one may observe standards > forums are not where one holds one's breath. That's just due > process, C'est la vie, ..., whatever, not something many (if > not all) of us would personally like to see ideally. > How wonderful it would be if we could just shove our thoughts > into a microwave oven and out came the consensus and specs! :-) > Finally, I'd observe that: it'd be most unfortunate if we let > ourselves be frustrated by the due process, and then be tempted > by frustration into foolishness that may be construed (or > misconstrued) as badmouthing one another in public, before > badmouthing is necessary. > > Cheers, > > Joe Hui > Exodus, a Cable & Wireless service > ======================================================= > > > > Cheers, > > Dave > > > > [1] http://lists.w3.org/Archives/Public/www-ws-arch/2002Mar/0172.html > [2] http://lists.w3.org/Archives/Public/www-ws-arch/2002Mar/0300.html > [3] http://lists.w3.org/Archives/Public/www-ws-arch/2002May/0097.html > >
Received on Wednesday, 19 June 2002 23:17:25 UTC