- From: Mark Baker <distobj@acm.org>
- Date: Sun, 13 Jan 2002 11:33:00 -0500 (EST)
- To: rsalz@zolera.com (Rich Salz)
- Cc: david.orchard@bea.com (David Orchard), xml-dist-app@w3.org
> But that's the question, isn't it? Does SOAP place visibility > requirements? I don't see any discussion of that in the spec. Well, I think we've been implicitly proceeding assuming that this information is visible. To permit encryption of it would require us to deal with additional cases. For example, what are the implications on the end-to-end model if we permit these blobs to be converted into headers later in the chain? Personally, I like the end to end model that we've defined, and I'd be really wary of complicating it by considering those issues without a clear requirement that we do so. > In my note I tried to show a sample use where such "blinding" can be > useful and financially important. I would hate to see us rule it out, > and would rather we just point out that you might have problems if you > do that kind of thing and aren't careful. Would you mind filling out that example a bit, i.e. what would an example header name and value be? Thanks. MB -- Mark Baker, Chief Science Officer, Planetfred, Inc. Ottawa, Ontario, CANADA. mbaker@planetfred.com http://www.markbaker.ca http://www.planetfred.com
Received on Sunday, 13 January 2002 11:32:08 UTC