| CARVIEW |
Select Language
HTTP/2 200
date: Sat, 11 Oct 2025 10:56:59 GMT
content-type: text/html
content-encoding: gzip
last-modified: Thu, 13 Jul 2023 17:28:48 GMT
cache-control: max-age=2592000, public
expires: Mon, 10 Nov 2025 10:56:59 GMT
vary: Accept-Encoding
access-control-allow-origin: *
x-request-id: 98cdd57fed87cb77
strict-transport-security: max-age=15552015; preload
x-frame-options: deny
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
set-cookie: __cf_bm=KjZbuc__cHpOQKNql68A05TXFykubV79E.CAigJkCuQ-1760180219-1.0.1.1-fBHH1TEES1k19hD6Ttv5_hqk2waAKEP1NeTbTRf9H5tcRf3fL.Rl6pFFJlSi2AU4Oax7Xvk97WxvOKjYz9OVzxXQMU7hlNiY76oPD6pBk.Q; path=/; expires=Sat, 11-Oct-25 11:26:59 GMT; domain=.w3.org; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 98cdd57fed87cb77-BLR
alt-svc: h3=":443"; ma=86400
LC Comment (Core and SOAP): Security model is insufficient from Marc Hadley on 2005-05-11 (public-ws-addressing-comments@w3.org from May 2005)
LC Comment (Core and SOAP): Security model is insufficient
- From: Marc Hadley <Marc.Hadley@Sun.COM>
- Date: Wed, 11 May 2005 09:20:49 -0400
- To: public-ws-addressing-comments@w3.org
- Message-id: <65874421cd3baba2a69ebb8cf74ae074@Sun.COM>
The "security model" in WS-Addressing Core and SOAP Binding amounts to little more than 'only process WS-Addr constructs from sources you trust'. Such advice is practically useless in the real world of services deployed on the internet. In line with its charter to deliver "A security model for using and communicating these abstract properties.", the WG needs to produce: (i) a much more detailed analysis of the security threats inherent in WS-Addressing and countermeasures to protect against them (ii) if trust forms the foundation for processing of WS-Addressing constructs then the WG must, at a minimum, deliver an interoperable mechanism for establishment of such trust. Marc. --- Marc Hadley <marc.hadley at sun.com> Business Alliances, CTO Office, Sun Microsystems.
Received on Wednesday, 11 May 2005 13:21:04 UTC