xml-dev - Re: [xml-dev] Generality of HTTP

Re: [xml-dev] Generality of HTTP

[ Lists Home | Date Index | Thread Index ]

To: xml-dev@lists.xml.org
Subject: Re: [xml-dev] Generality of HTTP
From: Gavin Thomas Nicol <gtn@rbii.com>
Date: Tue, 22 Jan 2002 00:01:22 -0500
In-reply-to: <3C4CE752.45CE1A2B@prescod.net>
Organization: Red Bridge Interactive, Inc.
References: <200201220237.VAA25015@markbaker.ca> <E16SrsT-000147-00@server2000.ebizhostingsolutions.com> <3C4CE752.45CE1A2B@prescod.net>

On Monday 21 January 2002 11:15 pm, Paul Prescod wrote:
> I don't really know how HTTP makes this any harder than anything
> else. At least HTTP has a security model. Security for RPC seems a
> very difficult (intractable?) problem. HTTP has a very
> understandable but flexible security model. I would say that many
> services need nothing more complex than "rwx" ACLs.

HTTP isn't intrinsically more insecure  except that using HTTP 
proxies is a well-accepted practise. One part of security are the 
principals of least-priviledge and least-disclosure (don't give 
permissions to to more than the minimum, and don't tell anyone about 
things). The web (internet in general) aren't designed with these 
explicitly in mind, especially least-disclosure. 

The infrastructure as it exists is probably "goof enough", but I don't 
think it's ideal.

References:
- Re: [xml-dev] Generality of HTTP
  - From: Mark Baker <distobj@acm.org>
- Re: [xml-dev] Generality of HTTP
  - From: Gavin Thomas Nicol <gtn@rbii.com>
- Re: [xml-dev] Generality of HTTP
  - From: Paul Prescod <paul@prescod.net>

Prev by Date: Re: [xml-dev] Generality of HTTP
Next by Date: Re: [xml-dev] Generality of HTTP
Previous by thread: Re: [xml-dev] Generality of HTTP
Next by thread: Re: [xml-dev] Generality of HTTP
Index(es):
- Date
- Thread