Murray Altheim wrote:
Vadim Gritsenko wrote:
JC Tchitchiama wrote:
[...]
One other thing that may be considered is an xml-security layer at the document level. A documents can be signed (to prevent fraudulent changes) or indeed encrypted to allow only folks with the right public key to access (read/edit) the document.
I think xml-security is outside of the scope of Xindice: you can implement xml-security on top of Xindice, in your application.
Another option might be a driver which wraps another driver and provides xml-security encryption / decryption transparantly.
I agree. I'd much rather have any development time spent on getting 1.1 completely up and running, fixing bugs, improving performance and existing features like indexing, before anybody starts heading down paths that are complete projects in their own right. Vadim has been putting enormous energy into just keeping Xindice from dying as a project. The idea of branching off on only orthogonally-related things like security prior to even a 2.0 release seems very premature. Stability and performance are a lot more important.
Murray
...................................................................... Murray Altheim http://kmi.open.ac.uk/people/murray/ Knowledge Media Institute The Open University, Milton Keynes, Bucks, MK7 6AA, UK .
"I'm a war president. I make decisions here in the Oval Office in foreign policy matters with war on my mind." -- George W. Bush http://news.bbc.co.uk/1/hi/world/americas/3470139.stm
"This is the new Mein Kampf. Only Hitler did not have nuclear weapons. It's the scariest document I've ever read in my life." -- Dr. Helen Caldicott, referring to the Project for the New American Century report entitled "Rebuilding America's Defenses: Strategy, Forces and Resources For a New Century" http://home.earthlink.net/~platter/neo-conservatism/pnac.html
"This report proceeds from the belief that America should seek to preserve and extend its position of global leadership by maintaining the preeminence of U.S. military forces." [op. cit.]
"[...] and advanced forms of biological warfare that can target specific genotypes may transform biological warfare from the realm of terror to a politically useful tool." [op. cit.]
"This is a blueprint for US world domination." http://www.guardian.co.uk/comment/story/0,3604,1036571,00.html
xml-security is a too-big topic. I am thinking how to prevent un-wanted query. As it stands now, Any one who knows the hostName and portNumber can query/update documents inside, by using either a commandline tool or a slightly modified java-api. (assume that he is inside the firewall, or he is outside firewall but the port used is open)
Honglin
