- From: Gregory Alan Bolcer <gbolcer@endtech.com>
- Date: Thu, 08 Jun 2000 08:18:59 -0700
- To: Dave Winer <dave@userland.com>
- CC: xml-dist-app@w3.org
Having just spent the week at JavaOne and also talking to no less than 4 different groups at Sun including one or two key Jini people, it seems Sun's concern with SOAP was that they were afraid that they would now have to start parsing HTTP and port 80 traffic on their firewall for malicious code. At the very least, they would have to start parsing POSTs.

You need to think up a clever name for a SOAP security manager (WYMO?) that can do all the old Java security things that JavaWebServer used to do--something as simple as IP filtering or even method-by-method authentication.

We've been playing around with restricting and filtering specific HTTP and DAV methods and restricting them according to a dynamically changing group of logins. The other half of the equation is that you need a way to easily set up a secure area like a folder that inherits the parent authentications.

We have an example XML file & DTD that is parsed and generated that makes setting up particular restrictions easier.[1] We haven't tested the inheritance fully yet, so there's a lot of duplication in the example, but you can see what we've been pursuing.

The need, from what I can garner from Sun and others, is to provide just-enough restriction rather than an all or nothing. Security and collaboration seem very much opposed to each other.

Greg

[1] http://magi.endeavors.org/dist/conf/templates/magi_dav.xml

Dave Winer wrote:
>
> I just was reviewing some of the material for the Java One conference, and
> re-read the What is Jini? page..
>
> http://www.jini.org/whatisjini.html
>
> "Devices in a network employing Jini technology are tied together using Java
> Remote Method Invocation (RMI). By using the Java programming language, a
> Jini connection architecture is secure. The discovery and join protocols, as
> well as the lookup service, depend on the ability to move Java objects,
> including their code, between Java virtual machines."
>
> Is this RPC?
>
> And if it is, how is it different from other forms of RPC?
>
> In other words, why are Jini and RMI cool, but XML-RPC and SOAP not?
>
> Dave
Received on Thursday, 8 June 2000 11:20:03 UTC
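
The message above describes restricting individual HTTP and DAV methods by login group, with folders inheriting their parent's settings. The following is an added example of that idea, not code from the message, from Magi, or from the magi_dav.xml format; the policy layout, the group names and the "nearest folder wins, otherwise deny" rule are all assumptions made for illustration.

```python
from posixpath import normpath

# Constructed sample policy (hypothetical layout, not the magi_dav.xml format):
# folder -> {HTTP/DAV method -> groups allowed to use it}.
POLICY = {
    "/": {"GET": {"everyone"}, "PROPFIND": {"staff"}},
    "/projects": {"PUT": {"staff"}, "DELETE": {"admins"}},
    "/projects/secret": {"GET": {"admins"}},
}
# Constructed group membership; may change at run time.
GROUPS = {
    "everyone": {"alice", "bob", "guest"},
    "staff": {"alice", "bob"},
    "admins": {"alice"},
}

def ancestors(path):
    """Yield the normalized path, then each parent folder up to "/"."""
    path = normpath("/" + path.lstrip("/"))  # collapses "..", "." and "//"
    while True:
        yield path
        if path == "/":
            return
        path = path.rsplit("/", 1)[0] or "/"

def allowed_groups(policy, method, path):
    """Nearest folder with a rule for this method wins; parents are inherited."""
    for folder in ancestors(path):
        rules = policy.get(folder, {})
        if method in rules:
            return rules[method]
    return set()  # no rule anywhere up the tree: deny

def is_allowed(policy, groups, user, method, path):
    wanted = allowed_groups(policy, method.upper(), path)
    # Membership is looked up on every call, so group changes apply at once.
    return any(user in groups.get(g, ()) for g in wanted)

if __name__ == "__main__":
    for user, method, path in [("bob", "GET", "/projects/readme.txt"),
                               ("bob", "GET", "/projects/secret/plan.txt"),
                               ("bob", "PUT", "/projects/secret/plan.txt"),
                               ("guest", "POST", "/")]:
        print(user, method, path, is_allowed(POLICY, GROUPS, user, method, path))
```

Normalizing the path before the lookup matters: a request for `/public/../projects/secret/plan.txt` has to be judged against the `/projects/secret` rules, not against `/public`.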