
RE: SOAP-RPC and REST and security


Paul:

"But the whole point of web services was that we would put services on 
the public Web as we put websites on the public Web."

http://www.prescod.net/rest/security.html

Be sure that only idiots would expose their non-trivial business documents to 
"the Web" through any kind of interface.  Nothing gives a competitor such advantages as 
to be able to see this stuff.  That is why contracts for proposal responses include language 
about the public dissemination of the documents submitted.

Again, the NRC is pulling down drawings, DoD is shutting down sites and purging material, the 
Interior folks turned off their web sites altogether (may be back up, haven't checked).  This 
is the idiocy of "The Web":  "good for my career to be exposed".   That is why I get riled; 
I've seen a lot of serious stupid out of "The Web" supporters.  "information wants to be FREEE!"

Now step back from the "idiots" who bought the story Tim Berners-Lee sold them, and take a look 
at how serious business professionals design software.  They use requirements derived from contracts 
derived from proposals sent in response to requests.  Nowhere in there is security deprecated 
or overlooked.  We have whole sections of responses dedicated to security.  We will not expose 
objects to the web that expose security holes.  We are much more likely to partition the web 
away from vital assets and use proper and well-understood techniques of dissemination management.

That said, RPCs for intranet and URIs for extranet are just fine.  The Network Is NOT the Computer. 
Using services at the public level will require intense scrutiny.  If your managers are idiots, 
they may let you do things that are stupid, just as the NRC, DoD, and others did with URLs.

len
