Altova Mailing List Archives


Re: [xml-dev] REST has too many verbs

From: Gavin Thomas Nicol <gtn@----.--->
To: xml-dev@-----.---.---
Date: 2/11/2002 9:25:00 PM
On Monday 11 February 2002 01:56 pm, Paul Prescod wrote:
> Gavin Thomas Nicol wrote:
> > > If you do that, you make it extremely difficult to build
> > > intermediaries like:
> > >
> > >  * store-and-forward services
> > >  * caches
> > >  * firewalls
> > >  * proxies
> > >  * message routers
> > >  * privacy managing intermediaries
> >
> > This is not strictly true.
>
> You say that but your message did not provide any evidence.

OK. I'll play the game... you *prove* to *me* that these become 
extremely difficult, and then I'll prove that you're wrong... 

> > I don't think you can assume that visibility is always a good
> > thing....
>
> Optional visibility is always a good thing. You can turn it off
> easily if you don't want it. SSL is an example of turning it off.

Prove that "optional visibility is always a good thing". Explain to be 
why tacking on SSL and authentication mechanisms is better than 
controlled disclosure in the first place.... especially for things 
like web services.

> So you're saying that HTTP can be fairly easily attacked from a
> security point of view unless you use the security features.

No, I am pointing out that open disclosure and visibility aren't 
necessarily good things... indeed, the basic tenet of security is the 
principal of "least priviledge", which implies lack of both these 
things. SSL was created because HTTP, in and of itself, has very poor 
security.

Disclaimer

These Archives are provided for informational purposes only and have been generated directly from the Altova mailing list archive system and are comprised of the lists set forth on www.altova.com/list/index.html. Therefore, Altova does not warrant or guarantee the accuracy, reliability, completeness, usefulness, non-infringement of intellectual property rights, or quality of any content on the Altova Mailing List Archive(s), regardless of who originates that content. You expressly understand and agree that you bear all risks associated with using or relying on that content. Altova will not be liable or responsible in any way for any content posted including, but not limited to, any errors or omissions in content, or for any losses or damage of any kind incurred as a result of the use of or reliance on any content. This disclaimer and limitation on liability is in addition to the disclaimers and limitations contained in the Website Terms of Use and elsewhere on the site.