Lists Home |
Date Index |
1. He is interviewing XML security system vendors and Tim Bray.
2. XML is a payload with more metainformation and
some are pushing as fast as possible to expose ever
more valuable information to a system that isn't
that robust or secure.
3. No one really took XML security issues very seriously
except the security system vendors. XML has been sold hard.
Recently, XML experts are encouraging implementors
to push harder and not wait for answers to questions
that they might actually need to have answered depending
on what is in those payloads. What's the rush, guys?
It isn't a very good article. It still touts the
'co-inventor' thing, and the "XML is TOO HARD" thing,
without refutation, but it opens a discussion that
needs to be had because at the bottom of it are
system vendors, system administrators, and others
selling and implementing technologies that aren't
fully understood in their impact but are fully
decorated with mythInformation designed to
accelerate sales at lower price points.
That is why despite the pushing, late adopters are
everywhere. No one likes extra headaches as the
price of drinking the kool-aid.
I was asked to write an article refuting that one
because I posted the same URL yesterday to this list.
I can't. One, I don't qualify as a security analyst;
two, I suspect XML is adding extra headaches for
which these vendors may have valuable solutions.
From: Hunsberger, Peter [mailto:Peter.Hunsberger@stjude.org]
Gerben Rampaart <VisualBasic@Home.nl> writes:
> Martin LaMonica wrote an article on ZDNet on the increasing
> security risks of XML. Comments anyone?
Yes; why is it that people confuse "Web services" with "XML" and lump
them all in the same big basket?