Re: Summing up on visibility(?)

Mike,

> > In order to perform a security function, wouldn't it have to "understand"
> > more than XML and SOAP syntax, though?  How would it arrive at that
> > (higher) level of understanding?
>
> Beats me, I'm not in the firewall business. Those who are in the firewall
> business seem to be frantically building products that claim to do useful
> things by parsing the XML, understanding the SOAP processing model, and
> letting the customer define security rules based on this stuff. If you're
> right, I guess they'll fail.  We shall see.

I don't think they will, not financially at least, since hope drives sales.
But they're not my concern.  I'm looking at this from the perspective
of a guy who has to build systems or advise groups who have to; that's
been my role in this domain, to a limited degree.

>
> But once again, I'm not clear on what you're asking the WSA WG to do.

Actually, I didn't think of asking them to do anything.  I was just
prying at some stuff that looked to me like popular fallacy, in the hope
that if distinct points were put to rest, different conclusions might
emerge.  I think I showed how a legacy service with no idempotent
operations can be wrapped in an idempotent interface [1].  This was
counter to a claim that the only way to get to idempotence was to
burden the client with sequence numbers.  No one has answered my
claim or provided a harder case.  This was supposed to be a reason
why RM was necessary.  I'm just wondering if that opinion moved
even slightly in response to my post.

If I were going to make a request of the WSA WG, I guess it would
be to conduct a "fair trial" of the issue.  I'm not going to run after people
and demand that they agree with me, unless you think I should. ;-)

> Mark raises the "visibility" issue periodically as a principle that should
> somehow be respected, and it appears that most of us don't get the point.
> To the limited extent that I understand what you're getting at here, it
> seems to me that XML supports "visibility" because 3rd party tools,
> intermediaries, etc. can extract useful information for routing, caching,
> security, etc. without truly "understanding" what's going on.

When you say "supports" do you mean "enhances", or just "doesn't
obstruct"?  Maybe that's the disconnect.  If the former, I suspect
that "support" takes the form of elaborate configuration, in which case
the burden is on the admin to "program" intricate sets of rules into
the firewall config, based on text patterns.  Maybe XML, by keeping
content ASCII, eases that burden, but it's still a crusher, if you ask me.

Walden

Received on Friday, 10 January 2003 00:11:04 UTC