OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   RE: [xml-dev] Benefits of SOAP?

[ Lists Home | Date Index | Thread Index ]

Someone i know who has been trialing WS-Security implementations has hit
some real show-stoppers, in particular getting some of the vendors mentioned
work with some significant others. Getting current implementations to
exchange encrypted and signed messages isn't something i'd like to rely upon

This shouldn't be anything much to write about here, except it's worth
noting that these are invariably /implementation/ issues in areas which are
well specified. Getting vendors to perform /practical/ interoperability
testing, rather than just endlessly discuss the wording in specifications is
very, very difficult.


Paul Sumner Downey

-----Original Message-----
From: Rich Salz [mailto:rsalz@datapower.com]
Sent: 16 February 2004 03:11
To: Dennis Sosnoski
Cc: xml-dev@lists.xml.org
Subject: Re: [xml-dev] Benefits of SOAP?

> there's limited cross-platform support for WS-Security currently
> deployable, though there have been some demonstration hookups.

In my experience is better than that.  We have customers in
production that regularly interop among our product, IBM, Microsoft,
and some others.

> course, you can also get the same end-to-end message integrity and
> selective data privacy using XML Encryption and XML Signature, which are
> what WS-Security wraps.

It's a subtle point, but unless you use something like WS-Sec, than
you cannot sign arbitrary XML content unless you change every
single schema to include an enveloped XML Dsig.  That's not feasible.
Possible, but not feasible; you really do need WS-Sec and SOAP if you
want to exchange messages with end-to-end content integrity.


Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html

The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
initiative of OASIS <http://www.oasis-open.org>

The list archives are at http://lists.xml.org/archives/xml-dev/

To subscribe or unsubscribe from this list use the subscription
manager: <http://lists.xml.org/ob/adm.pl>


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS