>
> -----Original Message-----
> From: W. E. Perry [mailto:wperry@fiduciary.com]
> Sent: Thursday, May 08, 2003 9:12 AM
> To: XML DEV
>
> If I may ask, without I hope sounding too petulant:
I think your hope is unfulfilled.
>
> What does this cartelization (with a rigidity of rules,
> permissions, and hopelessly intertwined processes that even
> most colluders-in-restraint-of-trade would be loath to
> subject themselves to) have to do with distributed computing,
> web services, or loosely-coupled processes harnessed in
> cooperation to implement custom workflows?
The primary difference between your point of view and that of the
promulgators of the specs in question, as far as I can tell, is that they
believe that establishing trust between nodes in the internetwork is both
desirable and possible and you do not.
> AFAIK we were not
> at work here on the bureaucratic blueprint for policies and
> procedures of interdepartmental cooperation in, say, the US
> federal government--or at least I didn't think that was what
> the operating standards of an open worldwide internetwork
> were supposed to resemble. In fact, I thought the point was
> that the epochal influence would go in the other direction:
> the success of lightweight, autonomous processes exploited
> for unanticipated functionality precisely because they were
> openly available should persuade the ossified hierarchs that
> adopting the new model was their only alternative to extinction.
Ossified hierarchs have amazing staying power.
>
> Specific to this thread's questions of authentication: in a
> world of 'web services' (as opposed to top-down system-wide
> delegation of function) 'need to know' is a specious concern
> because the processing which produces data of a particular
> form is divorced from (and likely knows nothing of)
> downstream processes which make various uses of that data.
In your view of the world, that is true. I think your view describes many
important scenarios, but you have blinded yourself to an entire range of
useful application interactions.
> Even when handling the 'same' data at various stages of what
> might appear to a particular observer as a pipeline,
> processes are separated from both the previous and the
> subsequent forms of that data and therefore from the
> particular semantics which might attach to that data in the
> execution of prior and of subsequent processes. IMHO this is
> as close as we will ever come to the separation of data from
> process--and it achieves that goal sufficiently to force us
> to reconsider what we mean by authentication and what it is
> precisely that we are trying to secure. The sort of
> authentication which Messrs. Chiusano and Cavnar-Johnson are
> discussing is predicated on the semantics of given data being
> a) inherently deserving of protection or securing from
> untrusted eyes and b) remaining substantially identical as
> the data is passed from process to process or user to user.
I don't understand why you assert b). What happens to the data is
completely orthogonal to the authentication issues.
> I
> argue that as the (most important, by
> far) consequence of a 'web services' design, both of these
> assumptions are demonstrably false.
I have read your assertions of these points over and over and I have come to
the conclusion that you and I will never agree on these points.
> The concerns on which
> they are pontificating are therefore from a different realm
> than web services.
I was answering Joseph's question, which was a factual one about whether
there was a spec that covered a particular scenario. For you to assert that
we were "expressing opinions or judgments in a dogmatic way" is laughable.
> Unfortunately if such concerns are
> seriously discussed as material to the implementation of web
> services there is the very real possibility that we may find
> ourselves thereby designing systems which, because of this
> crucial distinction, are not web services but which will be
> constrained to the sclerotic (and dare I say paranoid?)
> notions of security and authentication which this thread of
> discussion thus far evidences.
>
> Respectfully,
Why do you close your emails with the word "Respectfully" when you have
filled your writing with words chosen for their offensive connotations
(colluders-in-restraint-of-trade, ossified, sclerotic, paranoid, and
pontificating)? I think your invective does your position more harm than you
realize.