[XML-SIG] Curiouser and curiouser

Rich Salz rsalz@zolera.com
Mon, 07 May 2001 23:59:00 -0400 

> "The charter of the XML Protocols WG isn't to invent anything new."

According to the XP charter
(http://www.w3.org/2000/09/XML-Protocol-Charter), "The Working group
shall start by developing a requirements document, and then evaluate the
technical solutions proposed in the SOAP/1.1 submission against these
requirements. If in this process the Working Group finds solutions that
are agreed to be improvements over solutions suggested by SOAP 1.1,
those improved solutions should be used."

Now I find that phrase "agreed to be improvements" rife with all sorts
of potential.  Certainly one could make a case that a new preferred
encoding that is non-interoperable with the deployed base of Sec 5
encodings is NOT an improvement, overall. :)

I knew you were at the WS workshop, and that I was basing my opinions
solely on the public record, but that's okay.  I've served my time in
standards activities and consortia, and I can hazard a guess as to what
will happen.  The same thing that always happens:  folks want holes put
in so they can plug in their own "embrace and extend" or "optimized"
version of the current protocol.  Well, since the encodings are
specified by namespace, the holes are already there. :)  So XP will
tighten up the wording, remove ambiguity, and not break interop.


> I think the politics of XML protocols and Web services will be white hot.

I don't disagree.

> The camps appear to be roughly:

Interesting analysis, thanks!

> * Just use SOAP as-is and rubber-stamp WSDL and UDDI to boot ...
> * Take the good parts of SOAP, mix in a bit of "transactions" here, a dash of PKI there, a smidgen of EAI voodoo, and...

These aren't mutually exclusive, since #2 is presumably a subset of #1.

As a security expert, I question the need for signed soap, especially in
the presence of actors.  I think applications will want to do their own
signing/encryption.

> * This is EDI + Internet transport + XML payload + semantic Web, folks: quit reinventing wheels (the camp I occupy)

I got a bit lost in your sentence syntax.  Can you explain what you mean
here?  Tnx.

> Don't ask me what the hell this means for Python efforts...

Quoting an old colleague "with freedom comes choices, and with choices
comes more lines of code." :)
	/r$