

On Monday 21 January 2002 11:15 pm, Paul Prescod wrote:
> I don't really know how HTTP makes this any harder than anything
> else. At least HTTP has a security model. Security for RPC seems a
> very difficult (intractable?) problem. HTTP has a very
> understandable but flexible security model. I would say that many
> services need nothing more complex than "rwx" ACLs.

HTTP isn't intrinsically more insecure except that using HTTP 
proxies is a well-accepted practice. One part of security is the 
principles of least-privilege and least-disclosure (don't give 
permissions to more than the minimum, and don't tell anyone about 
things). The web (internet in general) isn't designed with these 
explicitly in mind, especially least-disclosure. 

The infrastructure as it exists is probably "good enough", but I don't 
think it's ideal.

