OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ws-caf message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [ws-caf] [WSRF][Fwd: [OASIS members] Press Release to Announce OASIS

Hi Joe,

> Thinking about the WSRF example of accessing a single file 
> from a Web Service by providing a resource ID that represents 
> that file in a WS-Addressing endpoint description (and 
> leaving aside for the moment the fact that WS-Addressing is 
> not an open standard), isn't that capability a good thing, 
> with the understanding that the necessary security measures 
> would be in place?

It might be OK, particularly if there isn't a simplistic WS-RF ID to
i-node mapping for example. However, you now have the problem of pointer
liveness. This, I expect, will be addressed by WS-RenewableReference. 

The plain vanilla Web Services approach sidesteps this problem by not
having the notion of references and leases and so on which are not great
builing blocks for Internet scale applications.

> Couldn't this concern be addressed by security policy?

A proper authentication and authorisation scheme would help a little
insofar as it might prevent the whoel Internet from locking the
identified file. But the fact remains that pointers create
inter-enterprise dependencies which is a bad thing in this case.

After spending a great deal of time yesterday with the Globus and IBM
folks behind this spec, my feelings are generally unchanged though I do
sympathise with what they tried to achieve. In the application domains
they're thinking about, resources are really important and so they
figure in their specs. I think I am just concerned about the notion of
resources permeating down the stack where it would class with the simple
services-plus-messages view.		


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]