OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   RE: [xml-dev] Extra headaches of securing XML

[ Lists Home | Date Index | Thread Index ]

1. He is interviewing XML security system vendors and Tim Bray.

2. XML is a payload with more metainformation and 
   some are pushing as fast as possible to expose ever 
   more valuable information to a system that isn't 
   that robust or secure.

3. No one really took XML security issues very seriously 
   except the security system vendors.  XML has been sold hard. 
   Recently, XML experts are encouraging implementors 
   to push harder and not wait for answers to questions 
   that they might actually need to have answered depending 
   on what is in those payloads.  What's the rush, guys? 

It isn't a very good article.  It still touts the 
'co-inventor' thing, and the "XML is TOO HARD" thing, 
without refutation, but it opens a discussion that 
needs to be had because at the bottom of it are 
system vendors, system administrators, and others 
selling and implementing technologies that aren't 
fully understood in their impact but are fully 
decorated with mythInformation designed to 
accelerate sales at lower price points.

That is why despite the pushing, late adopters are
everywhere.  No one likes extra headaches as the 
price of drinking the kool-aid.

I was asked to write an article refuting that one 
because I posted the same URL yesterday to this list.  
I can't.  One, I don't qualify as a security analyst; 
two, I suspect XML is adding extra headaches for 
which these vendors may have valuable solutions.


From: Hunsberger, Peter [mailto:Peter.Hunsberger@stjude.org]

Gerben Rampaart <VisualBasic@Home.nl> writes:

> Martin LaMonica wrote an article on ZDNet on the increasing 
> security risks of XML. Comments anyone?

Yes; why is it that people confuse "Web services" with "XML" and lump
them all in the same big basket?


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS