Peter Williams writes:
That MIME-PEM has spurred a next round of secured object architecture
analysis and discussion is evident. It introduces new service goals and
options, and (i believe) a new paradigm for co-relating the MTS
messaging security model to message object security. Similarly for http
to html hypermedia security interactions. This will be lots of fun; but
is going to take a while, I forsee.
Can we agree on a new fundamental goal, or reassert the former and
concentrate efforts accordingly?
I agree there are benefits to defining a secured object architecture. I also
agree this will take time initially but the end products will better as a
result.
BTW, I would define "better" in terms of shorter development time, fewer bugs,
shared (hence lower I hope) operating overhead, and the ability to easily share
data.
As a start, we could enumerate the object security requirements of the existing
applications and get some idea of the scope of the problem. However, to be
successful, this needs to be more than an academic exercise. We need buy in
from the application developers in particlar and the internet community in
general.
Phil Smiley