Cart
|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] RE: Blended Authentication (AKA "Granular Access Control")
 > > -----Original Message----- > From: W. E. Perry [mailto:wperry@f...] > Sent: Thursday, May 08, 2003 9:12 AM > To: XML DEV > > If I may ask, without I hope sounding too petulant: I think your hope is unfulfilled. > > What does this cartelization (with a rigidity of rules, > permissions, and hopelessly intertwined processes that even > most colluders-in-restraint-of-trade would be loath to > subject themselves to) have to do with distributed computing, > web services, or loosely-coupled processes harnessed in > cooperation to implement custom workflows? The primary difference between your point of view and that of the promulgators of the specs in question, as far as I can tell, is that they believe that establishing trust between nodes in the internetwork is both desirable and possible and you do not. > AFAIK we were not > at work here on the bureaucratic blueprint for policies and > procedures of interdepartmental cooperation in, say, the US > federal government--or at least I didn't think that was what > the operating standards of an open worldwide internetwork > were supposed to resemble. In fact, I thought the point was > that the epochal influence would go in the other direction: > the success of lightweight, autonomous processes exploited > for unanticipated functionality precisely because they were > openly available should persuade the ossified hierarchs that > adopting the new model was their only alternative to extinction. Ossified heirarchs have amazing staying power. > > Specific to this thread's questions of authentication: in a > world of 'web services' (as opposed to top-down system-wide > delegation of function) 'need to know' is a specious concern > because the processing which produces data of a particular > form is divorced from (and likely knows nothing of) > downstream processes which make various uses of that data. In your view of the world, that is true. I think your view describes many important scenarios, but you have blinded yourself to an entire range of useful application interactions. > Even when handling the 'same' data at various stages of what > might appear to a particular observer as a pipeline, > processes are separated from both the previous and the > subsequent forms of that data and therefore from the > particular semantics which might attach to that data in the > execution of prior and of subsequent processes. IMHO this is > as close as we will ever come to the separation of data from > process--and it achieves that goal sufficiently to force us > to reconsider what we mean by authentication and what it is > precisely that we are trying to secure. The sort of > authentication which Messrs. Chiusano and Cavnar-Johnson are > discussing is predicated on the semantics of given data being > a) inherently deserving of protection or securing from > untrusted eyes and b) remaining substantially identical as > the data is passed from process to process or user to user. I don't understand why you assert b). What happens to the data is completely orthogonal to the authentication issues. > I > argue that as the (most important, by > far) consequence of a 'web services' design, both of these > assumptions are demonstrably false. I have read your assertions of these points over and over and I have come to the conclusion that you and I will never agree on these points. > The concerns on which > they are pontificating are therefore from a different realm > than web services. I was answering Joseph's question, which was a factual one about whether there was a spec that covered a particular scenario. For you to assert that we were "expressing opinions or judgments in a dogmatic way" is laughable. > Unfortunately if such concerns are > seriously discussed as material to the implementation of web > services there is the very real possibility that we may find > ourselves thereby designing systems which, because of this > crucial distinction, are not web services but which will be > constrained to the sclerotic (and dare I say paranoid?) > notions of security and authentication which this thread of > discussion thus far evidences. > > Respectfully, Why do you close your emails with the word "Respectfully" when you have filled your writing with words chosen for their offensive connotations (colluders-in-restraint-of-trade, ossified, sclerotic, paranoid, and pontificating)? I think your invective does your position more harm than you realize. 
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! 
Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||
