- From: Michael Condry <Michael.Condry@eng.sun.com>
- Date: Wed, 17 May 2000 08:07:20 -0700
- To: "Wesley M. Felter" <wesf@cs.utexas.edu>, <xml-dist-app@w3.org>
Yes, and when we have the XML protocol virus that ships out all the VISA cards it recieves then we will really worry about it. >Here are my three thoughts about security: > >Since most of the protocols discussed on this list let users define new >interfaces (i.e. they're really meta-protocols), there's no way to ensure >that all interfaces are designed with security in mind. > >Even if a protocol is secure, that doesn't ensure that implementations are >secure. It seems to me that most security problems I've heard of were >implementation problems rather than protocol problems. > >With those two sobering thoughts out of the way, what are people's >security needs? It's not enough to say that "foo is not secure", since >security is not one thing. I would expect an XML protocol to provide >authentication, integrity, and privacy; is there anything else that I'm >forgetting? Is a separation of authentication from authorization >desirable? > >Wesley Felter - wesf@cs.utexas.edu - http://www.cs.utexas.edu/users/wesf/ >
Received on Wednesday, 17 May 2000 02:05:42 UTC