OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   Re: [xml-dev] Web Services -- The City of Jericho?

[ Lists Home | Date Index | Thread Index ]

> The standards just make it a bit easier to handle the boring details,
> they don't create secure web service environments.

This makes me feel as if i am standing 'nut-to-butt' in a chow line -- at ease, but not very safe.

> Conversely, if WS-Security became a universally supported standard tomorrow,  >that wouldn't make web services secure unless the parties invest in the security >infrastructure they would need to secure their human-centric web applications, their >COM/CORBA applications, etc.

Thanks for the input.

 

One,


 

 Mike Champion <mc@xegesis.org> wrote:

On Sat, 23 Nov 2002 09:42:13 -0800 (PST), m a r l o n . n e l s o n
wrote:

> My question now is, what role does security play in all this? How secure
> is the 'city'?

As best I understand it, the city is as secure as the garrison behind the
walls, i.e. the infrastructure that is already in place for authentication,
authorization, encryption, non-repudiation, signatures, etc. WS-Security
only claims to provide a mechanism for identifying and exchanging security
tokens so that the security parameters can be negotiated over the Web.
Since most of what people do with web services now is negotiated up front
rather than in real time when services are invoked, the "insecurity" of web
services is a red herring: businesses can negotiate a mechanism for
exchanging security tokens, or use a proprietary security scheme, or
whatever. Conversely, if WS-Security became a universally supported
standard tomorrow, that wouldn't make web services secure unless the
parties invest in the security infrastructure they would need to secure
their human-centric web applications, their COM/CORBA applications, etc.
The standards just make it a bit easier to handle the boring details, they
don't create secure web service environments.

-----------------------------------------------------------------
The xml-dev list is sponsored by XML.org , an
initiative of OASIS

The list archives are at http://lists.xml.org/archives/xml-dev/

To subscribe or unsubscribe from this list use the subscription
manager:


-- m a r l o n . n e l s o n
-- W e b . D e v e l o p e r
-- San Francisco, CA
-- www.animantix.com
-- http://www26.brinkster.com/specter1

-- Our greatest enemy [threat], lies
-- hidden amongst those we trust most.



Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now



 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS