OASIS Mailing List Archives

   RE: [xml-dev] SOAP-RPC and REST and security


Paul:

"But the whole point of web services was that we would put services on 
the public Web as we put websites on the public Web."

http://www.prescod.net/rest/security.html

Be sure that only idiots would expose their non-trivial business documents to 
"the Web" through any kind of interface.  Nothing gives a competitor such advantages as 
to be able to see this stuff.  That is why contracts for proposal responses include language 
about the public dissemination of the documents submitted.

Again, the NRC is pulling down drawings, DoD is shutting down sites and purging material, the 
Interior folks turned off their web sites altogether (may be back up, haven't checked).  This 
is the idiocy of "The Web":  "good for my career to be exposed".   That is why I get riled; 
I've seen a lot of serious stupid out of "The Web" supporters.  "information wants to be FREEE!"

Now step back from the "idiots" who bought the story Tim Berners-Lee sold them, and take a look 
at how serious business professionals design software.  They use requirements derived from contracts 
derived from proposals sent in response to requests.  Nowhere in there is security deprecated 
or overlooked.  We have whole sections of responses dedicated to security.  We will not expose 
objects to the web that expose security holes.  We are much more likely to partition the web 
away from vital assets and use proper and well-understood techniques of dissemination management.

That said, RPCs for intranet and URIs for extranet are just fine.  The Network Is NOT the Computer. 
Using services at the public level will require intense scrutiny.  If your managers are idiots, 
they may let you do things that are stupid, just as the NRC, DoD, and others did with URLs.

len




 


Copyright 2001 XML.org. This site is hosted by OASIS