OASIS Mailing List Archives

wss message



Subject: Re: [wss] Interesting article this morning...


"Hallam-Baker, Phillip" wrote:
> 
> >       On a related note, let us forge ahead and do the right thing. In
> > the long term, a specification that adds value to the web services eco
> > system will be our best reply to all the doubts raised by others.
> 
> On that note, I just worked out the right analogy.
> 

or is it?

If DNS was trying to replace an existing system which already did many of the
things such as multiple records, bulk distribution, delta distribution, etc. do
you think that hosts.txt file would be enough to make people bat even an eyelid?

Whether we like it or not, WS_SEC is competing with SSL for all the
point-to-point cases.  SSL comes complete with QoP handshake and negotiation,
SecureConversation with session keys and caching support, fixed set of token
(CipherSuites), and with no replay issues.  Further, no special means are
required to indicate that a given link is secured, except using https in those
embedded links.  In our case, it is not clear to me how anybody can exploit the
other existing UDDI/WSDL infrastructure without making some changes in WSDL.

So, if we are going to offer another alternative which is supposed to be a whole
lot better compared to the existing option, it typically is supposed to be
better, faster, and cheaper.  Even if this is not possible, it may be sufficient
to make a convincing case for the new proposal provided it is a complete story
that is comparable to the existing solutions. IMO, the story does not become
complete just because 4-5 lines have been mentioned in a road-map on all other
missing items.  Furthermore, WSSC does not really have any visibility into
those items.  The idea of developing such protocols in a "serial" fashion is
fundamentally a slow death.  SSL would have been still languishing if Taher and
others at Netscape had taken a serial approach at developing the SSL protocol.

IMO, it would really look silly if we are all extremely eager to pass some
resolution and declare victory, very well knowing that this is completely
incomplete for any real-life practical deployments. I also do not think that we
would be able to evaluate how good the new spec is as a component without
looking at how the other WS_* things referenced in the roadmap complete the
entire story.

Vipin Samar


> 
> Of course it was clear to everyone that the hosts.txt file mechanism would
> eventually become unmaintainable, even if the Internet grew to include only
> the universities. But the initial lack of DNS did not delay the introduction
> of the Internet.
> 
> What we are talking about with WSDL as solutions that allow Web services to
> be deployed on a very large scale. Sure we will eventually need them, but
> until they are available we can use manual configuration to achieve the same
> effect.
> 
> Of course having spent the past days trying to deal with all this stuff I
> still haven't got round to doing what I had intended to do and send a note to
> QoP to point out that we have to consider more than just WS-Security, we
> need to consider SecureConversation and Key Agreement issues.
> 
> Hmm shades of the IETF SNMP/MIB discussions...
> 
> We could end up being up to our ears in process if we are not careful on
> this one.
> 
>                 Phill
> 

