
   Re: [xml-dev] Elliotte Rusty Harold on Web Services

  • To: Mike Champion <mc@xegesis.org>
  • Subject: Re: [xml-dev] Elliotte Rusty Harold on Web Services
  • From: "Chiusano Joseph" <chiusano_joseph@bah.com>
  • Date: Mon, 03 Feb 2003 09:30:15 -0500
  • Cc: xml-dev@lists.xml.org
  • Organization: BAH
  • References: <003801c2c946$e5b34520$6401a8c0@cavnarjohnson> <3E3AAB07.4080403@datapower.com> <oprjvm6xiqezizxn@smtp.comcast.net>

<Snip>
but firewalls 
are becoming XML/XPath-aware, SOAP-aware, and will surely soon understand 
specific SOAP header standards related to security (WS-Security, etc.).
</Snip>

Excellent point regarding WS-Security.  According to this spec, a
firewall locates the <Security> header block targeted for itself and
extracts the security token and signature.  The firewall then validates
the signature over the encrypted data and the validity of the security
token included (or referenced). The firewall then makes a determination
as to whether or not to authorize the message to pass through the
firewall.

There are several other specs within the emerging Global XML Web
Services Architecture (GXA) - of which WS-Security is a part - that I
foresee will help improve the current situation - specifically
WS-Policy, WS-Trust, WS-SecurityPolicy, and WS-PolicyAttachment.

Joe Chiusano
Booz | Allen | Hamilton



Mike Champion wrote:
> 
> On Fri, 31 Jan 2003 11:57:43 -0500, Rich Salz <rsalz@datapower.com> wrote:
> 
> > SOAP over HTTP is architecturally no worse than HTTP POST:  both are
> > sending data and requesting that a server act upon it.
> 
> Yup.  Is SOAP in an incompetently designed application and incompetently
> administered environment any worse than CGI, ASP, or any other tool for
> coupling client processing with server-side code via HTTP?
> 
> I *will* grant that the cavalier attitude toward security of the dominant
> tool vendors that make it all too easy to expose random bits of code as Web
> services is a Bad Thing. I would simply ask that people distinguish SOAP
> (the technology) from SOAP (the hype frenzy and all the bad stuff that
> follows from it) in a discussion such as this.
> 
> Also, note the rapidly evolving definition of "firewall" over the last 10
> years or so.  It was originally an IP-level source/destination filter, plus
> TCP-level port-blocking, then HTTP-level URI-filtering .... but firewalls
> are becoming XML/XPath-aware, SOAP-aware, and will surely soon understand
> specific SOAP header standards related to security (WS-Security, etc.).
> 
> -----------------------------------------------------------------
> The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> initiative of OASIS <http://www.oasis-open.org>
> 
> The list archives are at http://lists.xml.org/archives/xml-dev/
> 
> To subscribe or unsubscribe from this list use the subscription
> manager: <http://lists.xml.org/ob/adm.pl>
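
The first step described in the message above (a firewall locating the <Security> header block targeted at itself and extracting the token and signature), as an added example that is not part of the original thread or of any product. The SOAP 1.1 and OASIS WSS 1.0 namespace URIs, the actor URI and all function names are assumptions; signature and token validation are a later step and are not shown.

```python
import xml.etree.ElementTree as ET

# SOAP 1.1, OASIS WSS 1.0 and XML-DSig namespaces (the spec version is an assumption)
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
DS = "http://www.w3.org/2000/09/xmldsig#"
TOKEN_TAGS = {f"{{{WSSE}}}{n}" for n in
              ("BinarySecurityToken", "UsernameToken", "SecurityTokenReference")}
FW_ACTOR = "urn:example:firewall"   # hypothetical actor URI for this firewall


def inspect_security_header(raw, my_actor=FW_ACTOR):
    """Select the <Security> block addressed to my_actor and list its contents.

    Fails closed on any structural doubt. Verifying the signature and the
    token happens in a later step that is not shown here.
    """
    def deny(reason):
        return {"proceed": False, "reason": reason}
    try:
        root = ET.fromstring(raw)
    except ET.ParseError:
        return deny("not well-formed XML")
    if root.tag != f"{{{SOAP}}}Envelope":
        return deny("not a SOAP 1.1 envelope")
    blocks = [b for b in root.findall(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
              if b.get(f"{{{SOAP}}}actor") == my_actor]
    if len(blocks) != 1:            # none for us, or ambiguous duplicates
        return deny(f"{len(blocks)} Security blocks for this actor")
    tokens = [c.tag.split("}")[1] for c in blocks[0] if c.tag in TOKEN_TAGS]
    signatures = blocks[0].findall(f"{{{DS}}}Signature")
    if not tokens or not signatures:
        return deny("token or signature missing")
    return {"proceed": True, "tokens": tokens, "signatures": len(signatures)}


def sample_envelope(actors):
    """Constructed sample: one Security block (dummy token, empty Signature) per actor."""
    blocks = "".join(
        f'<wsse:Security s:actor="{a}"><wsse:BinarySecurityToken>AAAA'
        f'</wsse:BinarySecurityToken><ds:Signature/></wsse:Security>'
        for a in actors)
    return (f'<s:Envelope xmlns:s="{SOAP}" xmlns:wsse="{WSSE}" xmlns:ds="{DS}">'
            f'<s:Header>{blocks}</s:Header><s:Body/></s:Envelope>')


if __name__ == "__main__":
    print(inspect_security_header(sample_envelope([FW_ACTOR, "urn:example:app"])))
```

A message carrying two blocks for the same actor is rejected rather than resolved by picking one, so the block the firewall checks cannot differ from the one another processor might read.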