RE: D-AG006 Security

I'm not quite sure what you mean by "transaction processing". I have heard
the term used in more than one way.  Is the concern essentially to have a
mechanism for handling stateful transactions -- for example, to carry state
information in the messages?  Or are you talking about the idea of "rolling
back" a transaction if it fails -- or possibly of initiating compensating
transactions? 

-----Original Message-----
From: Joseph Hui [mailto:jhui@digisle.net] 
Sent: Tuesday, March 12, 2002 4:14 PM
To: Cutler, Roger (RogerCutler); Krishna Sankar; www-ws-arch@w3.org
Subject: RE: D-AG006 Security


> -----Original Message-----
[snip]
> Could we possibly consider putting reliable messaging into
> the security bucket?  

I don't think so.  There's no security primitives that
would fit the bill of reliable messaging (RM), which I sometimes
characterize as "layer-7 TCP" where a session between two endpoints may span
over several time-serialized connections, disconnections, reconnections.
AG006 may include securing RM, but not RM per se.

While at it, let me mention that if you want to include 
RM in WS-Arch, then you may as well not leave out transaction processing.

[snip]
> it is a natural
> progression of thought:  "I'm worried about who the author of
> the message
> is, whether it is distorted, and that IT ACTUALLY GETS THERE".
                                        ^^^^^^^^^^^^^^^^^^^^^^ There no
security primitives that can guarantee data arrival.

Joe Hui
Exodus, a Cable & Wireless service

Received on Tuesday, 12 March 2002 17:32:10 UTC