Cart
|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Elliotte Rusty Harold on Web Services
 <Snip> but firewalls are becoming XML/XPath-ware, SOAP-aware, and will surely soon understand specific SOAP header standards related to security (WS-Security, etc.). </Snip> Excellent point regarding WS-Security. According to this spec, a firewall locates the <Security> header block targeted for itself and extracts the security token and signature. The firewall then validates the signature over the encrypted data and the validity of the security token included (or referenced). The firewall then makes a determination as to whether or not to authorize the message to pass through the firewall. There are several other specs within the emerging Global XML Web Services Architecture (GXA) - of which WS-Security is a part - that I foresee will help improve the current situation - specifically WS-Policy, WS-Trust, WS-SecurityPolicy, and WS-PolicyAttachment. Joe Chiusano Booz | Allen | Hamilton Mike Champion wrote: > > On Fri, 31 Jan 2003 11:57:43 -0500, Rich Salz <rsalz@d...> wrote: > > > SOAP over HTTP is architecturally no worse than HTTP POST: both are > > sending data and requesting that a server act upon it. > > Yup. Is SOAP in an incompetently designed application and incompetently > administered environment any worse than CGI, ASP, or any other tool for > coupling client processing with server-side code via HTTP? > > I *will* grant that the cavalier attitude toward security of the dominant > tool vendors that make it all too easy to expose random bits of code as Web > services is a Bad Thing. I would simply ask that people distinguish SOAP > (the technology) from SOAP (the hype frenzy and all the bad stuff that > follows from it) in a discussion such as this. > > Also, note the rapidly evolving definition of "firewall" over the last 10 > years or so. It was originally an IP-level source/destination filter, plus > TCP-level port-blocking, then HTTP-level URI-filtering .... but firewalls > are becoming XML/XPath-ware, SOAP-aware, and will surely soon understand > specific SOAP header standards related to security (WS-Security, etc.). > > ----------------------------------------------------------------- > The xml-dev list is sponsored by XML.org <http://www.xml.org>, an > initiative of OASIS <http://www.oasis-open.org> > > The list archives are at http://lists.xml.org/archives/xml-dev/ > > To subscribe or unsubscribe from this list use the subscription > manager: <http://lists.xml.org/ob/adm.pl> begin:vcard n:Chiusano;Joseph tel;work:(703) 902-6923 x-mozilla-html:FALSE url:www.bah.com org:Booz | Allen | Hamilton;IT Digital Strategies Team adr:;;8283 Greensboro Drive;McLean;VA;22012; version:2.1 email;internet:chiusano_joseph@b... title:Senior Consultant fn:Joseph M. Chiusano end:vcard 
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! 
Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||
