|
|
|
Cleaning Up SOAPs Act
By: eWEEK Editorial Board
2003-03-31
Article Rating: / 0
There are 0 user comments on this Network Security & Hardware story.
For SOAP to be enterprise-worthy, security must be an integral part of the Web services standard.Its not an overstatement to say that much of B2Bs future depends on SOAP, the Web services standard that defines how two computers engage each others services via XML commands. Without Simple Object Access Protocol, Web services-based computing, including business-to-business e-commerce, would be in doubt. Fortunately, support for SOAP is widespread, and mature implementations are emerging.
But security was left unaddressed in the SOAP 1.1 specification, leaving this critical component of IT infrastructure to be implemented in ad hoc, incompatible ways—or ignored entirely.
When the World Wide Web Consortium took on future SOAP standard development efforts in late 2000, we sighed with relief. The W3C is known for its ability to develop standards that stand the test of time. The XML Protocol working group at the W3C is now very close to finishing its work on SOAP 1.2; we expect the standard to be voted on by summer. However, as we report in this weeks eWeek Labs package on Web services, security was again left out of SOAP. It was not part of the working groups charter to address the problem in Version 1.2. That omission allowed the committee to complete its work sooner by making its task more focused, but, once again, the SOAP standard has failed to meet a critical IT requirement.
There is now an effort at the Organization for the Advancement of Structured Information Standards, or OASIS, to address this problem, but we think security isnt a postscript to be tacked onto the SOAP specification. Security needs to be baked into the heart of the standard so that it can benefit from the W3Cs mandatory implementation and compatibility testing.
Furthermore, the core components (within which we include security) of a critical infrastructure standard such as SOAP should continue to be developed in its entirety at the W3C, a standards body users trust. It has the policies in place to ensure that standards are developed transparently and in a vendor-neutral way.
Web services need a solid security framework to head off the growing crisis in confidence that they are indeed enterprise-ready. The W3C should fix the security problem as soon as possible after SOAP 1.2 ships, not make it a problem for somebody else to clean up later.
|
|
�������x}r㶲*({E)�iJVlҌ39甊")1Er//Oo<�xDJe2{<56I�
th�7�~vv~/�V4Ú�[:lm骫�'y歯 i3'Krdd6sRiz�Q4-xWLcb5snk�7�v#=2}ߞ3ŝ��}!2B�>$e)QV�oE�xL!X\Gk9"`n�|!��YBZA+5sLL[��Y�'�[z�R��QF΅ۮ�/�VEgM�L{b�~s&9"�ScKZ$Ѡ��F&IUc:M-�<�CNj�SV�H)j09k(>�Kt��myko��c�QM]q4e$DJH�n6�,!\�\a^:Hৃ�Lź�ڎRh[#(R�{|N�s~V�nX�96tY+ȯ[QHM~c/DJ "WRc�g"��ԂN�WP?��u.kR2�k-_ ��JE($dzCs��td�XIc/YdY:@f9v�'⳹s9\_]w�2��]w;>ߘecfy�3ȵZ�PEf(+`W+Ɵ1㝡jqszr|qӽv;}dO%lk��Pln�~R|YkU[_�t�6O{uH{Nw=�k�`tK�Lózr ȹw�ߟ�:dC�Gc�Dt,'���2p�3P[((v.s$��Rv'Z|@X2�揂�+Y|-G�y >�M'G�"-m��hn�vxF���nZTW4�>r+��]3w����ɡ7[3RDp�\� T9?��*FHŌ�2w2-J}/.`q��T��}(嗉�u�u=rHR)!B䎳3Ҵ ��Q&%-�>�Ć�~�(lE1\lj*�U[c<\wNHwEo�DzD�F�µ,���0XU�"H�r2��d[P�h
S�n`qX&aѡJ]�<��7atGe4L9R,+5�}t>G�AAA��i#ri�N
�r�Ӈt��6A�>~�g{�ݺONE+4݃1=+��h$���-DAs50Ie{d"3 q9�{۽�ޚA���QΊ#ax`yQ��}��=o�v@�OۡAX��ʺ�U{:$@=�90�P��lr�22L0(�WN�G�%η"JB}c�>M cWII�4"D%� P
h��4�AZG0�E|EN�m9bo$?HHpXVpBlj`�T6]H8'PT�*esRNأ"BsYa�7/�/1�LS�dAUU ,=B`&�QEn*PpRx5Q7m7eQ,�Tބxl�La��C�t�H{47La
��[P''
ǔ4$b.*
qu �fv;6P�0*�CM|B9;iX+J�RaЛv39n !)�+״UPM
1ϧ2*hss���s{�r+sM'WV�{_jp�S�ǰ�ox:'S{Ō8���|'>eg�H>lI˷XKnkڼ/p7Je[օV�+}�@x#� dlK��M-=�%/ՔF"��R��]@A\Z-C��%W�xM̆E
7u-�ү�k�}0�0E$)*Kӈ0v�WR�
b�sK@&�@�@�Wh$Ϛ�}�:31P.i�^G0Yc�}&xAܛft0>�X*�l�ː�3�':2E߰�TXzR��[L�RqAū'��6a���Prp��1�kqv88_�O;�Þp��¯xMN0��4�}:L�"6Xc�QW<|L#{Wq=�)/WW}�DN!z6V,G~�5<"NE"PX́=mQemӴ)'ݢcb=`3JqЫ%Wȅa}sM!
HwWӈP��BY�+�+U%J-ş/{ʻ]9�A?�%h@W*�fLff�`l.tz퉩��rE}�X)IR5� qL@tUSmEO0V@q�/�)ҧpIL�_V
.a@C+#��!%*& S^抈
�- �t�[;;8f&4�W߂�k
LG䄾]tu��ߏ:0t�ed{�-��IV/굈�zr�\5rV1��>gW�R�:st��1p8Q_y��XpλAa�
ֆ,~���_�Ct�>ɕH}`䃃*,,J�� �I�G?%�KG��n0IM{'w�
9]i>Q]��Ԑ@<��0+GfC�]�'W�H)wtWE>&iR^94YF0TvlCc$�D!S��2}tݣk+J8J�OP:)��OT珌%�J)洮p�˭Rܧ�t�Z�ЛJl CCD3Ex
sCz
�Ǧ=
�u X\YIq5�SϦ,Shڂ��FnG�:.^٨�C�1�hwy:rXy(�h�ʅgOY9Z_�0=Q٠F~P0*�
fB'�#\=�O~1@d%ki��>L}��;TǸw'`::(��=# sF �;3l"�1F�k3BD]��fڢ�ꋒdBץ'tV�N'!h{2N<}�m]1{]1u��<7D��B3ZH�07��UUm>5wV��ӟF
Z `!��i;�oH|LVg
߅B��-�`��`�V鈓n)<�Lb{��`�Vw,QF�HE*%4
הK�%q�A؈ƿt{m�x�zmr/HUɉ v{�}IVc
Tr�t6~(OWK02`gН+z+>ƥI'ݏwOHD�'y���>w�/{�IBZ���o�"HdUkԛC254MBN L9�S|#i -ŧ
[Olgx16àA�Dsʱm�$-Zڦԥ;U�4pF�9�RN蔀'��8�
zS\'Ԋ)ӓ8/qYO(E1�)8ɊK��o�r���M9[Urs@Xƻ{:gV%[H�|N�Y+�Ù/iLA1�` G7Dh�<�J�kX"gŸ�
F[J*�?��萢.��x��=`ċ !9+�ra�=ԥ|pP�*vof�IR�Pa6.;���@)u^�X�1k3�(~
ܳ4,�:];7O!�-dCΓ�f&H&dN q9�F=7Ə蹳��=��
Ķvp߂
�@.x�r kG/ɍ'�sǵ�y]bSU�V�PRyc93Ű��9ހ�kҾ48�5L:0�xS�$ߓD)@Nq 뉦Ww�xUuW꣏z��Yʝ1Q|-(1r+nZMi%s
UqJ{!S^$[ֲeE�b�4s7EfcGvl&\pERbثѥyYDYd)�}Q턧 ?0?���;�`@T6�Gz�K��J]w�Vwwo{��c7g~�Y��`ɏ5T�w5C&y_EB�
OW}d�_6ZDq5 {QJ5Jp}�}-J`To�y
^fmM$~^z)BDӰ|{21u^lߵ=jvÏ1&k� ?ү!N:&=wvs
k70G~"�~]c�n.)I.r�5q�|�*Y�v<�.].߮�ݘ�8(<�A~A<
vH�4�);3Xؗf>zn3�d�b܆��4Qi0pDa�c�.o��1֢ �I�Mi|o(o&x�j�ZCW��L_l�XS| ��+7�?д=Nm�A`̽�"Nm�6uSmU<�AR|ô^7ƴ#."̝5(+"Qw��3,6<
ghM(U�=��]\ɂ?ުM=�"kH-։�.kͷQf�!y_��sST8tv(7t.dY*K�\C�Ġ;i{Љ�(}H_!21$��Ot5vTR~QxS00d"n�Pey�N]A)����M1-o˱ݬr?Lt�&�ޓ÷"$g@�W#����~\�-�8*!u/
���E1�xApς.ADF-�\B�4�oaG@|1�t�J@@5Hc4�R�GZ@nFb5�X$r1bKL�>P=ˇҙei�+ZNE;���}v1\ؕ*}�x_` =G+�=/��Af
t?�7jŪ��v,R�$�K8X�hn��P%�H(!�ˢ)_�u�<�'�[� jr,�rm/~X/�O@�*г!\7]=�eea���Khiv' mQ��\xқ P��Ļ�tW8E�S`m `z K��@H�Dh A
�/D7Ži-M\,MY����~8_3�r~&�V"Dkö
.մm3�#?d�2~sC~sC~sC~sCpCjr|7d�_��ĮF˲ka@g_,su)OeT
!ѥ_fPL f��JoHK;�NMcۄ!_&.x�.[=d�sЖf4ARxw}֠Za~S���C?yǾ�hx�5�.;�t R7,FX1�C^Og��,�vy>&.v�|[��L-K3um�X�`*�7K�����3&�$]&!`#�OGCOb9ֲM]_H���c{!^�Ԇ|ZyI4� ~ıTIQ:AC�+�*_YY�UȴR6�sWI�HF.�v�C�xɅІO���X}?�hlm �HB� �
D�KC=Uȵ:D3
os>a.A�MŝB�L3Cy)BK�^*~%fq�M5hdH؆o~o~o~o~y~JR6j؆a;d�\4�{�4n�?�3&z#6�QC��$Qa�`<|�TZKBo`
�M4v)j�fx��b''('�{w#,[�e{}���\
�\ASĶpu,�iDwF͠�W+�xez1A�� ��3��P`s[�g}}��Z�!eZ|�
Z�Kсn�n3�j�o0U|x�۠knձ� �,Nhq�j4Pzy�T[�eҞ4�fP��.m_�6OdIxO/F�^xf+�z�.K$(@e�_M�ogb�^Jm/6Ի� EԬTQ� 8+uXYW/4 Ͽ[˓\
ݣ�=�R}4G%1Љ+0F�Wfm4�wlwlG1?暯KjoR⊉x".
bsb�mn?a����s�uvhŻ{c�d;��pXnI�9�M��s{
�(I%x(�뀿
c
�_XR���w�ǁ�Y饋٥�`"��i/+�9uF�81<:B݀Y�-6W�%{�I%5�H��'B9�&#yS\0:TQ̭Lc" en�
J�!ap<�Gq�K[�|V�C62�6] ZlG,%o|]nWEUܨ]�m�},��Wm\V�ړ-IİMa�1wђ,Þ@uy�z�Uc�M1n.�jp;"0STצh#=�ᅂr*�C�wO��<�o`_/%�K�N76jţyR_qB��8|�"�NBR4{��n�xw%�}61 )�PAg�6${
"�}LC�fSp_�n���:j&M]��bO~Xׁ:2~�1slW,NpC+�*)A$RDx��g7-O�or[Ƶը��$S^ܳXzw;|Z>Jj\s3c]0�/�2n?]�yE~_Htb�\~M��g$P.b�b��
M�FԐ"6t龺��@l]w;u+DvxG
k|{�&ޡ47i��C�
4B�D!/H�/Hon�a {�-*
}O$Fr6�Ŝx!
�Kł-NzG�,}t%$R�+hW�C�g���ꇜ6K�Kf\�,\0P��u.Mfˢa���\X�3I
?,֤�yb;]�M�Ɇ.he,ZTdQ+4*�/ Cz+{(�ֈ1p(B FY阴� +�5*0��hX*xw�Üϫб5䯭NMϫ�k+W�dm=ymzk롹W�g]=ijyl�+f-1f{sxB(MNXxpd*Љ�{X�SE�8f%\Ѹߜ j%v�G�2rCm�0]�2\πTn�nh�XPǸJ�醳zV�vH/(6c ��qbr(Պ�f("�`�0��.s\Q$63P]"ºdCu��sk
J\W�w�|$mvp�L�RHW0�Jw@�L1�O}TK[RH`n�col;9�Ϋ�a>X�(�N^Ϸǵ�zQwדFx�.2J�Thxd'
W�m$�"|Afs+NN
�Hۡ+E�[$н?ħg:^��9�M�h��a`1?4s5F>L�o��4SH~s< N�ԬT<>�vY�zlh�oBce�\Űѯ�;s}>�^wGk>k蓩g~3fN,��B��W�Ejo2x�n���;Oa4lܵni�rt5�@$ۙ�,@E��H$GB\,�Jk|#\#TD�5"�EY�:��6�[J�r
`"(�
2�w֣�`"[4UB`
E+��1C�=b�{è[ƭo�-a��?"O�ҚS�N>�ʼn�D�rߢ)8uOn;ě"���4^�Œ6L�VUv=_sCe 2l� �e>d6?�9B�^N�#˃b,Cwg�J8=G�l{a0p���t�9o2;��0<�-�Mۀ�5vAZܹ;i�^jIcX~T�# �ӛ��NEv���:c�Z����x{WJ�#o0#92�ţ*C��ar�>efvA(eM4��_ ݆M{s ��P�7"���?fTR<g+6�1V6u;LВ�ϿT�\�=�l}܉᩸ǚ
�|K�<,Ń\h{ܯ�&;0m�w,21' MȮ+fAjп�|nX��˼�!I]U��a0!p��\:h�c'TfB�4*�Up&�B#a`[zL�
/lvWL�1{+ȑ0�m5�We�;SBݽ"}ۜs�h;tv�]�
>��Ќkā�Th19�C� (�Rh^[ȯ�*Y{F6���U'!4
ϫ�P�wi;�c{[/FI!�[AȹX6f;Pn�):�:�Oeј��[�I,ŗ�bAz�5tã,^! |�t,CwfKU� ւ�_.Kз�dĽ%�}Y.�H&�]�aR�ሔ%$~GR_[=��sDb��1 H|-<%����*`>V5{6HDBw��}C�`t��T8�9f����Am'{wv-�wah3J)j�j�#VFp)h�N�<}}=٢�uK�ľqmx��}Ľ;
3C
�:O[�ut՝8G�
PX�h@loM9]`Ev'� �9-�c!01�pP-\�tFGhd��A�G&$ހ)0r�xCr:�vDa+��슅
q�ޟ�2"��)-@�p8ke0�W��vl'f�
,�� ~13_O:�(@0��rēC�<[_�ڵFx��3;}%(s`Vw@8̙LÛ�~H2�I�
_�[0~h��3m˕|YL0\Х~m<3�Ӳ{(v",@S~t�«We9`/��=JH�_SH\�mRjÅ5,c+-n[)�Qz6 �<ЩBA,:?c5VQڶ�7Q�jZ�a[
�զ�n�ۊA�E3
�Jo��>ASc�L�hY�$xt#�GZET`$;�]+ڜ�7t3h;h�s�THчlbqP.B�2m-nƯB@
U �Zuƒ
tK~!,7ZpΩp2�}!f}+S4'�07�xD&,kT�tEA�^Dm�.|��}1&�R�&�'׀��w˄7xq`���6f'ZƷ_�>M`y,�r�^c?��'��(b�g��Ñ!7A)Z {{D)ߝC?b4\,�K矼e'�mk�U���<�|#�bN)5��J�aOQ_�GUS\Uqr]i̓�UAʡ^A�=(�VfH{?wDi�H@iR"+��ʩ��>b%�A1:�4vB�;1�Չ!�KT{0$�^_AߘG5���ijI�%����MtSy
�+K�vH{x�k''fl3Lh5;
�`� Vl##*,R;龿]wHw~N.�+�G~YL߂u�؝pDW6<~�_�;N7Q0� �Z˴�殉
u$��B��ڢ�sSn}3�㒂x�`�t�@OŤ'c`�� Dq��ՠC>�ɃE4#wEba�NW�>_f
��#s�G"�©[n�@= 4�����Ԉ
� >e�57!x��r+{h�5t7OX BDҶnI�k��8�=�A Ё�[�C�U#IO-C(�|9{1|�R -˼-��t�l�5=&mY�<.�?"�K\q��웆b
(-UGH�' h6�7�254�H
��nP�[�yqyn8�Ƚǁ2w9�cs0QG8GZи1+3mL4!�[c|�kp�B�
MĄZ�#A8!1&T�yѣ���jE\�~Uǂ̾��}綞�s =E��iG�NӉO:���Rsv`HEjڧMؼ$AJЮxk)�q*!bE.˼JV8B�6M]��o��R 腳a:7|�WI7:X2[#~T�,hZ<�oRI�or{"�\3�u0�u���F�I8
!J!;o<0mGn>i!�%y;�_pb#_$pMNL{yVur:Jt�Nf.؝/�A� �z*�2��
F+���p�n�?*%JK;#`c`|�!W�LhfrN8Q[ˎG4;8HS[wds {N'E3D6K�f\4�VX/Պ���0Tn��G)
2A%±c4q!].�C,�VpV2
뎜�Cʞq%LSx�&_\rp+2#���
.h�<�lAygk�l~pڻ��CN+z�q�Q~ah[cXio9o:g�ǽa
|
|
Network Security & Hardware 
