[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

RE: Re: Cookies at XML Europe 2004 -- Call for Particip ation

• To: Elliotte Rusty Harold <elharo@m...>
• Subject: RE: Re: Cookies at XML Europe 2004 -- Call for Particip ation
• From: Rich Salz <rsalz@d...>
• Date: Mon, 5 Jan 2004 19:41:31 -0500 (EST)
• Cc: XML-DEV <xml-dev@l...>
• In-reply-to: <p0601020dbc1f96e240dc@[192.168.254.4]>

> The real problem is that cookies are completely contrary to the web
> architecture.

Nonsense.  A cookie holding authentication credentials is conceptually
the same as content negotatiation, one of the REST principles.

> Even if there were no privacy implications,
> cookies would still be the wrong solution.

Since you seem to have given this more than just casual thought, have
you got ideas about a solution?  To be explicit, the goals are:
        Authenticate clients
        Allow URL's to be cut/pasted amonng participants
        Limited exposure if packets are snooped

--
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html

• Follow-Ups:
  • RE: Re: Cookies at XML Europe 2004 -- Call for Particip ation
    • From: Elliotte Rusty Harold <elharo@m...>

• References:
  • RE: Re: Cookies at XML Europe 2004 -- Call for Particip ation
    • From: Elliotte Rusty Harold <elharo@m...>

• Prev by Date: Re: Re: Cookies at XML Europe 2004 -- Call for Participation
• Next by Date: Re: Formalism and complexity
• Previous by thread: REST and the Web - was Re: Re: Cookies at XML Europe 2004 -- Call for Particip ation
• Next by thread: RE: Re: Cookies at XML Europe 2004 -- Call for Particip ation
• Index(es):
  • Date
  • Thread