[ogsa-wg] RE: GRIDtoday Edition: Tony Hey: 'Challenging Times for GGF & Standards'
Steve Loughran
steve_loughran at hpl.hp.com
Fri Mar 4 08:43:45 CST 2005
Mark McKeown wrote:
> Hi Steve
>
> -snip-
>
>>This is an issue regardless of whether you use WSRF, or whether you use
>>WS-* with WS-Addressing. There is not enough stability in specification
>>or implementation to be able to say "this is our code, we guarantee that
>>it will continue to work for 5 years". Only REST services built on
>>HTTP1.0+XML1.0 can pull that off, at the expense of no structured fault
>>mechanism other than http error codes, no security other than HTTPS
>>and/or HTTP basic/digest auth, etc etc.
>
>
> Can XML signature and encryption not be used with REST services
> as suggested in the Atom specification?
>
> Section 10 of
> http://www.ietf.org/internet-drafts/draft-ietf-atompub-format-05.txt
>
> "Atom document can be encrypted and signed using
> [W3C.REC-xmlenc-core-20021210] and [W3C.REC-xmldsig-core-20020212],
> respectively, and is subject to the security considerations implied
> by their use."
oh, yes XML signature can, ws-signature cant
> Also should that be HTTP1.1?
only if you can be sure of your proxies, or are using HTTPS
More information about the ogsa-wg
mailing list