[
Lists Home |
Date Index |
Thread Index
]
> I see your point, in the abstract, however, I can't help
> thinking that we should be able to assume more uniformity than you
> suggest.
Information hiding, coupled with extension points. For example,
the exact format of my identification token may not be known to anyone
else, but I can put it into a WS-Security header because of the
xsd:any they have. Outsiders just treat it as an opaque blob of XML;
my security system knows what to do with it.
I think this kind of thing will become more common, not less.
Parts of X.fws concern me -- I am thinking of the round-trip from
XML for something like <error-rate>.500</error-rate> going to a
local number, out via ASN.1/DER as an IEEE float, and back. Along
the way it's all too likely to end up as .5, which will break my
digital signature -- and quite rightly, since trailing zero's are
semantically significant.
/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
|
