RE: Web RPCs Considered Harmful

  • From: "Dick Brooks" <dick@8...>
  • To: "Dave Winer" <dave@u...>, <xml-dev@x...>
  • Date: Sat, 13 May 2000 10:46:11 -0500

I've read both Ken and Dave's "position statements" with regard to Web RPCs
and I believe Ken has identified real, practical concerns that must be
addressed. The SOAP and XML-RPC specs seem to ignore the security issues
that are so important to companies building E-Commerce applications.
Security issues are a pain to deal with - but essential for E-Commerce. Even
the W3C pointed to this obvious lack of security considerations in the SOAP
submission, ref:

"SOAP is one of the existing protocols in the domain of XML based protocols.
However its object serialization scheme needs to be more explicit, as in the
architectural model of HTTP-NG, where inheritance or method description
issues were addressed. Also we think that security considerations should
have a central place in such a design, as it is always more difficult, if
not impossible, to add security afterwards.

Yves Lafon, W3C lead for Jigsaw Activity <ylafon@w...>
$Date: 2000/05/08 20:28:43 $ "

The US Government Critical Infrastructure Surety Team performs protocol
analysis to determine the vulnerabilities of a protocol intended for mission
critical, E-Commerce applications deployed over the Internet. If you want
people to deploy XML-RPC or SOAP in their E-Commerce applications over the
Internet, you need to provide a high degree of confidence that the approach
is "safe". I suggest you get a respected group, such as the one I mentioned,
to perform a surety analysis and publish the results on this list.

IMHO, both SOAP and XML-RPC are seriously negligent with regard to the
security requirements of E-Commerce applications.

Dick Brooks
http://www.8760.com/

-----Original Message-----
From: owner-xml-dev@x... [mailto:owner-xml-dev@x...]On Behalf Of
Dave Winer
Sent: Saturday, May 13, 2000 10:01 AM
To: xml-dev@x...
Subject: Re: Web RPCs Considered Harmful


I posted my response to Ken's caveat here:

http://soap.weblogs.com/discuss/msgReader$58

Dave





***************************************************************************
This is xml-dev, the mailing list for XML developers.
To unsubscribe, mailto:majordomo@x...&BODY=unsubscribe%20xml-dev
List archives are available at http://xml.org/archives/xml-dev/
***************************************************************************