Cart
[Home] [By Thread] [By Date] [Recent Entries]
> I would not advise anyone to hold their breath waiting on a concensus on > a convention, but coming up with a useful convention for digital > signature and encryption varies from easy to reasonably difficult, > depending on your requirements. Balkanized islands of security? Seems like a big step backward. If the folks in Redmond did this, people would be all over Dare&Co for trying to kill the open secure WS stuff that they and IBM have been touting for years. The security ship has sailed, and you'll never got those genii's back in a bottle, or a con-call. (Gaak, I sound like Len) Point solutions are possible, but political and interop reasons will make everyone just fall back to angle brackets. XML DSIG and Encryption are frozen -- just try to get W3C to create new WG's for Infoset-based approach. (Yes, those groups are gone and closed, so you have to start from scratch. Wise Man, Joseph...) By follow-on, anything that depends on XML cryptography -- WS-Security et alia -- are similarly frozen to the XML 1.x serializations. Feel free to disagree; the only possible answer is "we'll see." /r$ -- Rich Salz, Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
|
