RE: [wss] Interesting article this morning...

["Mishra, Prateek" <pmishra@netegrity.com>]

>>
>>On that note, I just worked out the right analogy.
>>
>>Before DNS was introduced there was a file called the 
>>hosts.txt file that
>>circulated amongst the sysops. The hosts.txt file provided 
>>the same basic
>>service as DNS, binding a host name to an IP address.
>>
>>Of course it was clear to everyone that the hosts.txt file 
>>mechanism would
>>eventually become unmaintainable, even if the Internet grew 
>>to include only
>>the universities. But the initial lack of DNS did not delay 
>>the introduction
>>of the Internet.


I accept your analogy as helpful. However, unlike the 
internet which was developed entirely within a sheltered group
with a strong communitarian ethos, this technology is being 
developed within the commercial marketplace. 

Even more challenging, it is
aimed at enterprise customers and, for these folks, often the
number #1 issue is manageable deployment. The absence of a notation
for describing security properties will either cripple commercial deployment
or encourage development of proprietary notations. This type
of situation has a specially
bad impact on "best-of-breed" small ISV's such as my employer. 


>>
>>Of course having spent the past days trying to deal with all 
>>this stuff I
>>still haven't got round to doing what I had intended to do 
>>and send a not to
>>QoP to point out that we have to consider more than just 
>>WS-Security, we
>>need to consider SecureConversation and Key Agreement issues.
>>

I do not think we need to cover all of these issues in the
first go around. A Version 1.0 that provides a notation for transport
and WS-Security related security
properties would be very helpful in a practical system.


- prateek mishra