>I
don't use XML over the wire...
Gregg, of your perspective on that subject, I am very
aware :-)
>
would not say that XML-SG is what I mean by
digital-signature
Never mind... Bit slow to catch up, but I figured out that you meant
to shorten "XML Security Gateway".
>only reason that these devices seem useful is if you've chosen
XML
I have
chosen XML and this discussion has centered on web services
security.
>This is my point. You can put in
all these devices that defend you from the
>world, but you still need to defend
yourself from internal attacks.
I, for
one, have no disagreements with you on this point. In fact, I am in violent
agreement!
It
would appear that the inital focus of this discussion thread has veered
off-course (Not a new thing for this list). As noted in my
inital response (which was a reply to a comment that the exisiting web
service security standards are not mature enough), I believe that the current
web service security standards are mature enough for building a
defense-in-depth implementation of a web service security
infrastructure. I also believe that in implementing this defense-in-depth
strategy, at the current stage of technology, a XML Security Gateway does
have a role (There are others who disagree.. C'est la vie). There are other
processes and mechanisms that need to put in place to fully implement
this at the Network, Host and Application levels so that security is
considered in a holistic manner and not as a bolt-on. Again very true and is
something I am fully in agreement with.
Regards,
-
Anil
YAHOO! GROUPS LINKS
- Visit your group "service-orientated-architecture" on the web.
- To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
- Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
