xml-dev - RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Particip ation

RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Particip ation

[ Lists Home | Date Index | Thread Index ]

To: Elliotte Rusty Harold <elharo@metalab.unc.edu>
Subject: RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Particip ation
From: Rich Salz <rsalz@datapower.com>
Date: Mon, 5 Jan 2004 19:41:31 -0500 (EST)
Cc: XML-DEV <xml-dev@lists.xml.org>
In-reply-to: <p0601020dbc1f96e240dc@[192.168.254.4]>

> The real problem is that cookies are completely contrary to the web
> architecture.

Nonsense.  A cookie holding authentication credentials is conceptually
the same as content negotatiation, one of the REST principles.

> Even if there were no privacy implications,
> cookies would still be the wrong solution.

Since you seem to have given this more than just casual thought, have
you got ideas about a solution?  To be explicit, the goals are:
        Authenticate clients
        Allow URL's to be cut/pasted amonng participants
        Limited exposure if packets are snooped

--
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html

Follow-Ups:
- RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Particip ation
  - From: Elliotte Rusty Harold <elharo@metalab.unc.edu>

References:
- RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Particip ation
  - From: Elliotte Rusty Harold <elharo@metalab.unc.edu>

Prev by Date: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
Next by Date: Re: [xml-dev] Formalism and complexity
Previous by thread: REST and the Web - was Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Particip ation
Next by thread: RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Particip ation
Index(es):
- Date
- Thread