FW: EDI and Security Text from Cutler, Roger (RogerCutler) on 2003-12-18 (www-ws-arch@w3.org from December 2003)

From: Cutler, Roger (RogerCutler) <RogerCutler@chevrontexaco.com>
Date: Thu, 18 Dec 2003 16:06:05 -0600
To: www-ws-arch@w3.org
Message-ID: <7FCB5A9F010AAE419A79A54B44F3718E026F00AE@bocnte2k3.boc.chevrontexaco.net>

Posted intially inadvertently on private list.

-----Original Message-----
From: w3c-ws-arch-request@w3.org [mailto:w3c-ws-arch-request@w3.org] On
Behalf Of Cutler, Roger (RogerCutler)
Sent: Thursday, December 18, 2003 11:19 AM
To: David Booth; w3c-ws-arch@w3.org
Subject: RE: EDI and Security Text

I think your comments about URI's in the context of tracking are
interesting and that they suggest one approach to the issue.  I think
that this is not, however, the only way of dealing with it and it might
not even be the most likely one.  The reason I say this is that I have
noticed that in business applications having something be "clickable" is
often actually perceived as a liability and is carefully avoided.
(Sorry, REST folks).  There are various reasons for this involving
security and the validity of the operation.  That is, one does NOT want
to make it easy to bookmark something that makes sense only in the
context of a transaction unless the full context is somehow brought
along, and if that full context is somehow brought along that may raise
security issues.  

Labeling things with URI's for the purpose of tracking is an idea that I
think has potential, but I think you'd have to think very carefully
about how to do it in a way that really works and does not lead to
undesirable side effects.

Of course, what I'm talking about here is a scheme where URI's somehow
represent the entire tracking mechanism, or are functionally complete in
some sense by themselves.  A sort of REST approach to tracking, perhaps.
Obviously a mechanism for tracking that involves a uniform query
interface, analogous to or part of the management interface, would make
use of URI's in one way or another.

Having said that, I'm not really objecting to the text you put in.  I'm
not sure whether the discussion above suggests some addition to it or
whether it's best just left alone.

-----Original Message-----
From: David Booth [mailto:dbooth@w3.org] 
Sent: Wednesday, December 17, 2003 3:54 PM
To: Cutler, Roger (RogerCutler); w3c-ws-arch@w3.org
Subject: Re: EDI and Security Text

>You agreed to review for possible inclusion in the document:
>
>EDI Text -
>http://lists.w3.org/Archives/Public/www-ws-arch/2003Nov/0005.html

Done.  I thought it was excellent text, and included it all (with minor 
editorial changes):
http://dev.w3.org/cvsweb/%7Echeckout%7E/2002/ws/arch/wsa/wd-wsa-arch-rev
iew2.html#edi
I also added some text to that section (subject to the group's review of

course) regarding the relationship of the WS Architecture to the Web 
Architecture, and the potential value of URIs in the context of 
tracking.  Let me know what you think.

Oh, there was one sentence that I thought needed a little more 
clarification.  I've added an editor's note about it.  Could you take a 
look at it?  It's at
http://dev.w3.org/cvsweb/%7Echeckout%7E/2002/ws/arch/wsa/wd-wsa-arch-rev
iew2.html#edi-tracking-need

-- 
David Booth
W3C Fellow / Hewlett-Packard
Telephone: +1.617.253.1273

Received on Thursday, 18 December 2003 17:06:29 UTC