OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] Web Services -- The City of Jericho?

[ Lists Home | Date Index | Thread Index ]

On Sat, 23 Nov 2002 09:42:13 -0800 (PST), m a r l o n . n e l s o n <thesardonicwon@yahoo.com> 

> My question now is, what role does security play in all this?  How secure 
> is the 'city'?

As best I understand it, the city is as secure as the garrison behind the 
walls, i.e. the infrastructure that is already in place for authentication, 
authorization, encryption, non-repudiation, signatures, etc.  WS-Security 
only claims to provide a mechanism for identifying and exchanging security 
tokens so that the security parameters can be negotiated over the Web.  
Since most of what people do with web services now is negotiated up front 
rather than in real time when services are invoked, the "insecurity" of web 
services is a red herring: businesses can negotiate a mechanism for 
exchanging security tokens, or use a proprietary security scheme, or 
whatever. Conversely, if WS-Security became a universally supported 
standard tomorrow, that wouldn't make web services secure unless the 
parties invest in the security infrastructure they would need to secure 
their human-centric web applications, their COM/CORBA applications, etc.  
The standards just make it a bit easier to handle the boring details, they 
don't create secure web service environments.


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS