- From: Dick Brooks <dick@8760.com>
- Date: Sat, 13 May 2000 14:10:29 -0500
- To: "Wesley M. Felter" <wesf@cs.utexas.edu>, <xml-dist-app@w3.org>
Wes,

I suggest adding "access controls and fine grained authorization mechanisms" to your list.

Dick Brooks
http://www.8760.com/

-----Original Message-----
From: xml-dist-app-request@w3.org [mailto:xml-dist-app-request@w3.org] On Behalf Of Wesley M. Felter
Sent: Saturday, May 13, 2000 11:28 AM
To: xml-dist-app@w3.org
Subject: XML protocol security

Here are my three thoughts about security:

Since most of the protocols discussed on this list let users define new interfaces (i.e. they're really meta-protocols), there's no way to ensure that all interfaces are designed with security in mind.

Even if a protocol is secure, that doesn't ensure that implementations are secure. It seems to me that most security problems I've heard of were implementation problems rather than protocol problems.

With those two sobering thoughts out of the way, what are people's security needs? It's not enough to say that "foo is not secure", since security is not one thing. I would expect an XML protocol to provide authentication, integrity, and privacy; is there anything else that I'm forgetting? Is a separation of authentication from authorization desirable?

Wesley Felter - wesf@cs.utexas.edu - http://www.cs.utexas.edu/users/wesf/
Received on Saturday, 13 May 2000 15:14:06 UTC