Re: XML protocol security

Yes, accept my humble apology. A person, who happend to work
for IBM did a demonstration.

I do not think the point of this thread is a corporate
positioning, but rather to consider areas were 
application level protocols need to expand
its security requirements.  With that, SOAP
and other such protocols will be quite useful.

> *IBM* did not demonstrate anything. An IBM employee (Andrew Donoho) showed an
> example of communicating between two browsers by sharing some parts of the 
> DOM. Either I didn't grok the demo or I personally don't see a SOAP level
> security flaw with what he showed .. it showed that DOM access was what
> browsers were all about and that you could share the DOM between two browsers
> using SOAP as a transport. (He was using a SOAP 1.0 implementation, but I
> don't think that's relevant.)
> What Andrew showed in no way forms an *IBM* position on SOAP security. At
> the same time, neither does this message! I personally think that a security
> layer above SOAP is necessary and useful, however, I disagree that SOAP itself
> is flawed because it doesn't come in with built-in security.

Received on Tuesday, 23 May 2000 12:54:32 UTC