OASIS Mailing List Archives


   RE: [xml-dev] Web Services Best Practice (was: Interesting XML-DIST-APP


> From: Roger L. Costello [mailto:costello@mitre.org]


> Any other "best practices"?  /Roger

I would add that implementors must take appropriate measures to address
security factors, such as confidentiality and non-repudiation. One of my big
fears is that the web services "revolution" will bring us sensitive
transactions flying around the net in clear text without adequate
authentication. I know for a fact that the lack of understanding of security
concerns among most developers is leading to some truly frightening systems,
and the internet today is like a global piece of Swiss cheese with gaping
security holes all over the place.

I agree with Bruce Schneier [1] that customers and courts need to start
holding software vendors liable for shoddy practices with regard to
security. That is the only way that all too many software vendors will start
treating these matters seriously.

[1] http://www.counterpane.com/crypto-gram-0112.html#2



Copyright 2001 XML.org. This site is hosted by OASIS