- From: Jeffrey Schlimmer <jeffsch@windows.microsoft.com>
- Date: Wed, 13 Feb 2002 15:24:27 -0800
- To: <www-ws-desc@w3.org>
I would love this to be stronger. As the general community becomes more aware of protocol / implementation attacks, I'd like to see us collectively rethink the role of the specification in minimizing these. Just to get people's juices flowing, it might mean we put hard limits in the spec where we've traditionally left it to an implementation -- "must fail if larger than n", "must not follow URLs to other domains". Or we might just strongly recommend that implementations have hard limits rather than allocate until they run out of memory. I haven't though really hard about this yet, but I'd love for us to do so as we move the spec along. --Jeff -----Original Message----- From: David Booth [mailto:dbooth@w3.org] Sent: Monday, February 11, 2002 1:01 PM To: Jeffrey Schlimmer Cc: www-ws-desc@w3.org Subject: Re: Web Services Description: Requirements At 06:11 PM 2/8/2002 -0800, you wrote: ... >Compliance must not preclude building implementations that are >resistant to attacks. This sounds like a fairly weak requirement. Can it be stronger? David Booth
Received on Wednesday, 13 February 2002 18:27:35 UTC