OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   Re: [xml-dev] REST has too many verbs

[ Lists Home | Date Index | Thread Index ]

On Monday 11 February 2002 01:56 pm, Paul Prescod wrote:
> Gavin Thomas Nicol wrote:
> > > If you do that, you make it extremely difficult to build
> > > intermediaries like:
> > >
> > >  * store-and-forward services
> > >  * caches
> > >  * firewalls
> > >  * proxies
> > >  * message routers
> > >  * privacy managing intermediaries
> >
> > This is not strictly true.
>
> You say that but your message did not provide any evidence.

OK. I'll play the game... you *prove* to *me* that these become 
extremely difficult, and then I'll prove that you're wrong... 

> > I don't think you can assume that visibility is always a good
> > thing....
>
> Optional visibility is always a good thing. You can turn it off
> easily if you don't want it. SSL is an example of turning it off.

Prove that "optional visibility is always a good thing". Explain to be 
why tacking on SSL and authentication mechanisms is better than 
controlled disclosure in the first place.... especially for things 
like web services.

> So you're saying that HTTP can be fairly easily attacked from a
> security point of view unless you use the security features.

No, I am pointing out that open disclosure and visibility aren't 
necessarily good things... indeed, the basic tenet of security is the 
principal of "least priviledge", which implies lack of both these 
things. SSL was created because HTTP, in and of itself, has very poor 
security.  






 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS