Re: Web Services -- The City of Jericho?

To: Mike Champion <mc@x...>
Subject: Re: Web Services -- The City of Jericho?
From: "m a r l o n . n e l s o n" <thesardonicwon@y...>
Date: Sat, 23 Nov 2002 10:24:53 -0800 (PST)
Cc: "\[xml-dev\]" <xml-dev@l...>
In-reply-to: <oprgbtovgiezizxn@localhost>

Play the video

> The standards just make it a bit easier to handle the boring details,
> they don't create secure web service environments.

This makes me feel as if i am standing 'nut-to-butt' in a chow line -- at ease, but not very safe.

> Conversely, if WS-Security became a universally supported standard tomorrow, >that wouldn't make web services secure unless the parties invest in the security >infrastructure they would need to secure their human-centric web applications, their >COM/CORBA applications, etc.

Thanks for the input.

One,

Mike Champion <mc@x...> wrote:

On Sat, 23 Nov 2002 09:42:13 -0800 (PST), m a r l o n . n e l s o n
wrote:

> My question now is, what role does security play in all this? How secure
> is the 'city'?

As best I understand it, the city is as secure as the garrison behind the
walls, i.e. the infrastructure that is already in place for authentication,
authorization, encryption, non-repudiation, signatures, etc. WS-Security
only claims to provide a mechanism for identifying and exchanging security
tokens so that the security parameters can be negotiated over the Web.
Since most of what people do with web services now is negotiated up front
rather than in real time when services are invoked, the "insecurity" of web
services is a red herring: businesses can negotiate a mechanism for
exchanging security tokens, or use a proprietary security scheme, or
whatever. Conversely, if WS-Security became a universally supported
standard tomorrow, that wouldn't make web services secure unless the
parties invest in the security infrastructure they would need to secure
their human-centric web applications, their COM/CORBA applications, etc.
The standards just make it a bit easier to handle the boring details, they
don't create secure web service environments.

-----------------------------------------------------------------
The xml-dev list is sponsored by XML.org , an
initiative of OASIS

The list archives are at http://lists.xml.org/archives/xml-dev/

To subscribe or unsubscribe from this list use the subscription
manager:

-- m a r l o n . n e l s o n
-- W e b . D e v e l o p e r
-- San Francisco, CA
-- http://www.animantix.com
-- http://www26.brinkster.com/specter1

-- Our greatest enemy [threat], lies
-- hidden amongst those we trust most.

Do you Yahoo!?
http://rd.yahoo.com/mail/mailsig/*http://mailplus.yahoo.com - Powerful. Affordable. http://rd.yahoo.com/mail/mailsig/*http://mailplus.yahoo.com

References:
- Re: Web Services -- The City of Jericho?
  - From: Mike Champion <mc@x...>

Prev by Date: The RDDL challenge
Next by Date: XML, Rich Internet Apps
Previous by thread: Re: Web Services -- The City of Jericho?
Next by thread: Re: Web Services -- The City of Jericho?
Index(es):
- Date
- Thread

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Subscribe in XML format

RSS 2.0
Atom 0.3

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.

Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >