I mention that, on Fri, 14 Feb 2003 at 13:01:52 -0500, Abbie Barbir said:
Using SOAP, we can get the flexibility of defining a protocol that is
extensible and flexible. Using SOAP security extension can solve the
security requirements for OPES.
Having the ability of doing incremental signature is an important feature.
Tracing and notification can be provided as a service, that can take
advantage of the incremental siging ability of XML.
I've got a book published late last year on XML security, and it does
not mention incremental signatures. What are they, how would they be
useful to OPES?
How can we keep track of this W3C work-in-progress from the IETF
vantage point? I'm not a member of W3C, and I cannot judge the
maturity of their drafts, the likelihood of standardization of any of
the documents. Can you and others promise to serve as liasons,
keeping us apprised of what's going on? Or perhaps there's already someone
who does this for the XML security work, like Don Eastlake.
I know off hand that performance issues will be used aginst adopting SOAP.
However, keep in mind that performance is only one factor and it can be
argued that with continous improvments in CPU speed and Hardware
acceleration, this will not (or should not) be a major issue.
I'm not objecting to examining performance vs. ease-of-use, but it is
important to keep the whole picture in mind. If a single CPU with no
special hardware enhancements can keep a 2 Gbps line busy, carefully
balancing CPU cycles and I/O, then you have to be very careful about
adding extra per packet processing that multiplies the CPU cycles by a
factor of 1000 - this would mean that an organization would need many
more CPU's to do the same job. So let's be very specific when we
discuss performance and acceleration - the numbers are important
because they determine the cost of the deployed systems.
There is a lot of work that is being done now on SOAP security that can be
very usefull to OPES.
How can we know what that very useful work is?
For OPES to be usefull, I think it should be able to interoperate with web
services. At the end of the day, OPES provide a service to the data
provider/consumer application.
Can you tell us what it means to interoperate with web services? I'm
not against it, but I've got only the vaguest notion of what it might
mean for OPES.
I know that SOAP has been looked at before by OPES. As a start, do we have a
pointer on the previous work, if yes can someone please advice where we can
get it.
My memory of this is that Lee Rafalow was a strong advocate of looking at
SOAP, but there was no work beyond that advocacy. Perhaps others have
done work since then, but have not reported it to OPES because we were
concentrating only on the initial documents. We need to spread the word
that we are now in a new WG phase and it is safe to come back to the mailing
list.
Hilarie