<<Architects and developers have been coming up to speed on a group of closely related technologies: XML, Web Services and Service Oriented Architecture. In most companies, the integration of these technologies has involved considerable thought and planning. Much like the Dutch boy and the dike, it looks as though XML is now starting to every direction.
This growing influx of XML is coming from user-generated XML. The source getting most attention recently is AJAX. Suddenly the power of asynchronous user interface handling is becoming evident and it is generating a lot of XML traffic - it is already coming across your enterprise boundaries. Each of your users accessing Google Maps, Gmail or the new Yahoo mail client, or using the upcoming Microsoft Web Mail Browser (kahuna), is already driving XML across your firewall. The next major driver for user-generated XML (appearing towards the end of this year) will be the introduction of Microsoft's Office 12 with XML document formats and Web services based integration functionality. So you think your server XML traffic loads are going to be large when application-to-application interactions over Web Services take hold? Wait until you hit the hundreds or thousands of additional XML messages and content driven by your average users. Much has been written about the implication of application-to-application Web services on application control and security. While many application and network architects have taken a wait-and-see approach to dealing with XML Web services network traffic, the rapid escalation of user generated XML will introduce security, bandwidth and latency issues much faster than existing network and application server infrastructure can address them. Standard network security solutions already pass XML traffic through because it looks like any other browser-generated http: traffic. Simple solutions that try to block any incoming traffic that appears to contain XML, are going to be even more useless. Lots of XML traffic is going to be coming from lots of perfectly valid sources in your intranet, your extranet and from the big bad Internet. Fortunately there are standards and solutions that address the fundamental issues of XML and Web Service security now. However, composite and work-flow applications are going to have a hard time both separating good and bad XML traffic and controlling trusted access to Web Services. Message-based attacks--- replay attacks, out of order message attacks and just plain fraudulent message insertions--- are going to be easier to perpetrate in the blizzard of XML traffic that will be flowing through your network firewalls and around your internal networks.>> You can find this blog at: http://www.webservices.org/weblog/andrew_nash/where_did_that_xml_traffic_come_from_i_thought_ajax_was_a_cleaner Gervas Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/service-orientated-architecture/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
