xml-dev - RE: [xml-dev] Web Services Best Practice (was: Interesting XML-DIST-APP

RE: [xml-dev] Web Services Best Practice (was: Interesting XML-DIST-APP

[ Lists Home | Date Index | Thread Index ]

To: "'Roger L. Costello'" <costello@mitre.org>, xml-dev@lists.xml.org
Subject: RE: [xml-dev] Web Services Best Practice (was: Interesting XML-DIST-APP thread)
From: Michael Brennan <Michael_Brennan@Allegis.com>
Date: Thu, 10 Jan 2002 12:50:36 -0800

> From: Roger L. Costello [mailto:costello@mitre.org]

<snip/>

> Any other "best practices"?  /Roger

I would add that implementors must take appropriate measures to address
security factors, such as confidentiality and non-repudiation. One of my big
fears is that the web services "revolution" will bring us sensitive
transactions flying around the net in clear text without adequate
authentication. I know for a fact that the lack of understanding of security
concerns among most developers is leading to some truly frightening systems,
and the internet today is like a global piece of swiss cheese with gaping
security holes all over the place.

I agree with Bruce Schneier [1] that customers and courts need to start
holding software vendors liable for shoddy practices with regard to
security. That is the only way that all too many software vendors will start
treating these matters seriously.

[1] http://www.counterpane.com/crypto-gram-0112.html#2

Prev by Date: Re: [Sax-devel] SAX2 r2 ... last call!
Next by Date: RE: [xml-dev] Web Services Best Practice (was: Interesting XML-DI ST-APP thread)
Previous by thread: [xml-dev] Web Services Best Practice (was: Interesting XML-DIST-APP thread)
Next by thread: RE: [xml-dev] Web Services Best Practice (was: Interesting XML-DIST-APP thread)
Index(es):
- Date
- Thread