- From: Christopher Ferris <chris.ferris@sun.com>
- Date: Sat, 04 May 2002 09:55:20 -0400
- To: "'www-ws-arch@w3.org'" <www-ws-arch@w3.org>
MSFT: The text requires multiple readings to detect that "a Web service" is unrelated to "Web Services". The text notwithstanding, we are unconvinced that the suggested remedy can actually be effected.

SUNW: Still not clear how a security model discussing secure interactions with a web service affects building those services securely. Denial of service has little to do with the underlying interaction models and this requirement goes "inside" the web service, cutting too close to the solution space. Perhaps, a service description could inform the world what the service would consider to be a DoS attack ("do not hit me more than once in 10m").

HP: I'm concerned that this is unnecessary and will be covered by having system integrity. I believe that the intent of this requirement would be more clearly defined/described if I understood the security threats and policy objectives better. Can we leave this out until we have these better defined?

SYBS: Not sure if it fits in "Architecture for Web Services" realm

W3C: See http://lists.w3.org/Archives/Public/www-ws-arch/2002May/0012.html

ORCL: This is too general to be measurable as to success in meeting the requirement.

PF: This is not an architectural issue. It could even be said to be an implementation issue.

CrossWeave: It's unclear whether this could be implemented.
Received on Saturday, 4 May 2002 09:58:03 UTC