W3C home > Mailing lists > Public > xml-dist-app@w3.org > January 2002

Re: Draft registration of application/soap+xml

From: Mark Baker <distobj@acm.org>
Date: Fri, 4 Jan 2002 17:16:54 -0500 (EST)
Message-Id: <200201042216.RAA17356@markbaker.ca>
To: rsalz@zolera.com (Rich Salz)
Cc: xml-dist-app@w3.org
> Ah, got it.


>  My perception "Security Considerations" usually refers to 
> issues within the thing being defined, and (much) less so its 
> implications on others.  For example, "the password could be exposed," 
> and not "this may result in arbitrary code being executed in your 
> webserver." :)

You're absolutely right that security considerations usually refers to
those things (MarkN said the same thing to me), but I felt that this
topic was the most important security consideration for using SOAP.
Firewall admins are going to want to know whether they should trust
application/soap+xml content, so I want us to be frank about the
implications of it.

> I think sec3 is wrongly-oriented, but don't (yet) have alternative text 
> to propose.

Then put on your thinkin' cap!  8-) I'm open to any any and all
suggestions to improve on it.  But I hope you agree that discussing
what I explained to you is an important topic.

Mark Baker, Chief Science Officer, Planetfred, Inc.
Ottawa, Ontario, CANADA.      mbaker@planetfred.com
http://www.markbaker.ca   http://www.planetfred.com
Received on Friday, 4 January 2002 17:16:22 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:11:45 UTC