RE: Re: Cookies at XML Europe 2004 -- Call for Particip ation

Cart

XML Editor - Download a Free Trial >

See What's New >

Buy Now >

[Home] [By Thread] [By Date] [Recent Entries]

To: Elliotte Rusty Harold <elharo@m...>
Subject: RE: Re: Cookies at XML Europe 2004 -- Call for Particip ation
From: Rich Salz <rsalz@d...>
Date: Mon, 5 Jan 2004 19:41:31 -0500 (EST)
Cc: XML-DEV <xml-dev@l...>
In-reply-to: <p0601020dbc1f96e240dc@[192.168.254.4]>

> The real problem is that cookies are completely contrary to the web
> architecture.

Nonsense.  A cookie holding authentication credentials is conceptually
the same as content negotatiation, one of the REST principles.

> Even if there were no privacy implications,
> cookies would still be the wrong solution.

Since you seem to have given this more than just casual thought, have
you got ideas about a solution?  To be explicit, the goals are:
        Authenticate clients
        Allow URL's to be cut/pasted amonng participants
        Limited exposure if packets are snooped

--
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html

Follow-Ups:
- RE: Re: Cookies at XML Europe 2004 -- Call for Particip ation
  - From: Elliotte Rusty Harold <elharo@m...>

References:
- RE: Re: Cookies at XML Europe 2004 -- Call for Particip ation
  - From: Elliotte Rusty Harold <elharo@m...>

Prev by Date: Re: Re: Cookies at XML Europe 2004 -- Call for Participation
Next by Date: Re: Formalism and complexity
Previous by thread: REST and the Web - was Re: Re: Cookies at XML Europe 2004 -- Call for Particip ation
Next by thread: RE: Re: Cookies at XML Europe 2004 -- Call for Particip ation
Index(es):
- Date
- Thread

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >