


   Re: [xml-dev] Generality of HTTP


On Monday 21 January 2002 11:15 pm, Paul Prescod wrote:
> I don't really know how HTTP makes this any harder than anything
> else. At least HTTP has a security model. Security for RPC seems a
> very difficult (intractable?) problem. HTTP has a very
> understandable but flexible security model. I would say that many
> services need nothing more complex than "rwx" ACLs.

HTTP isn't intrinsically more insecure except that using HTTP
proxies is a well-accepted practice. One part of security is the
principles of least-privilege and least-disclosure (don't give
permissions to more than the minimum, and don't tell anyone about
things). The web (internet in general) isn't designed with these
explicitly in mind, especially least-disclosure.

The infrastructure as it exists is probably "good enough", but I don't
think it's ideal.



Copyright 2001 XML.org. This site is hosted by OASIS