xml-dev - RE: [xml-dev] Two sides of SOAP (was RE: [xml-dev] SOAP-RPC and R EST an

RE: [xml-dev] Two sides of SOAP (was RE: [xml-dev] SOAP-RPC and R EST an

[ Lists Home | Date Index | Thread Index ]

To: 'Michael Brennan' <Michael_Brennan@Allegis.com>, 'Mike Champion' <mc@xegesis.org>, xml-dev@lists.xml.org
Subject: RE: [xml-dev] Two sides of SOAP (was RE: [xml-dev] SOAP-RPC and R EST and security)
From: "Bullard, Claude L (Len)" <clbullar@ingr.com>
Date: Fri, 22 Feb 2002 08:35:55 -0600

Perhaps before we take up a petition, all concerned developers 
could write a position paper outlining the concerns and possible 
remediations and alternatives.  This paper could be submitted 
to the WSIO although I am not sure by who or what.  It would 
be best if a grassroots work is picked up by say, OASIS or 
even the W3C or both.   It is a positive move and contributes 
rather than detracts.   The WSIO says its mission is to 
ensure interoperability.  Part of interoperability is 
safety and security.  We would be helping.  My guess is 
these threads and the summaries at XML.COM could be the 
basis for such a position paper.  Perhaps xml.com and 
o'reilly could sponsor this.

The WSIO can blithely ignore it, but it would be a 
public work and useful if the dire predictions of 
Prescod et al come to pass.

len

-----Original Message-----
From: Michael Brennan [mailto:Michael_Brennan@Allegis.com]

> From: Bullard, Claude L (Len) [mailto:clbullar@ingr.com]

<snip/>

> I'm sold on 
> 
> 1.  Training before development of web services. 
> 2.  Inspection prior to deployment of web services.
> 3.  Security testing suites.
> 4.  Properly constructed contracts for web services 
>     that include security provisions and remediation clauses.
> 
> Which is how the best will do business anyway and buying 
> less than quality is a mistake to begin with.  I think that 
> list above is a good one for the WSIO to consider.

That sounds great to me.

> I'm not sold on but convinced that web services will result 
> in some web service business types becoming regulated businesses 
> just as the utilities are.  It will take some years and 
> a change of administration for that to happen, and probably, 
> a catastrophe to get their attention.

Yeah, and unfortunately I think you are right that it will take a
catastrophe -- and even then they will most likely botch it. The government
doesn't have a good track record of *intelligent* regulation of
technology-related matters. Anti-hacker efforts, for instance, seem to have
put more whistle-blowers and good-samaritans in jail then malicious hackers.
It would be wise for the industry to get out in front of this issue. It
would be very wise for the WSIO to take this up.

Follow-Ups:
- Re: [xml-dev] Two sides of SOAP (was RE: [xml-dev] SOAP-RPC and REST and security)
  - From: Paul Prescod <paul@prescod.net>

Prev by Date: RE: [xml-dev] Data-oriented XML [was: Scatter/gather pattern]
Next by Date: RE: [xml-dev] The InfoApocalypse
Previous by thread: RE: [xml-dev] Two sides of SOAP (was RE: [xml-dev] SOAP-RPC and R EST and security)
Next by thread: Re: [xml-dev] Two sides of SOAP (was RE: [xml-dev] SOAP-RPC and REST and security)
Index(es):
- Date
- Thread