[Cialug] Re: [ciapug] XML

Tony Bibbs cialug@cialug.org
Wed, 23 Mar 2005 14:13:32 -0600


I think what is 'good enough' is really best left to an Information 
Security Office and/or business requirements.  However, you are right, 
there is information around data-level security that is worth reading.  
That said, your link no-worky.

The requested URL 
/wss/2004/01/oasis-200401-wss-soap-message-security-1.0 was not found on 
this server.

--Tony

Korver, Aaron wrote:

> Note though that SSL isn't good enough when talking about SOAP if you 
> are going to be pushing the webservice out to the world.  If you are 
> going to be staying within a private LAN then SSL is probably 
> sufficient.  Transport layer security is just one layer.  The 
> ws-security specs detail data layer security. 
>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0 
>
>
> > -----Original Message-----
> > From: Tony Bibbs [mailto:tony@tonybibbs.com]
> > Sent: Tuesday, March 22, 2005 11:09 AM
> > To: cialug@cialug.org
> > Cc: ciapug@cialug.org
> > Subject: Re: [Cialug] Re: [ciapug] XML
> >
> >
> > Anything wrong with using SOAP?  If so, what about XMLRPC?
> >
> > Securing the service can be a challenge and it needs to happen at
> > multiple levels.  Networking is a good place to start...if
> > you can only
> > allow access to the service from specific hosts.  Then there is the
> > transport layer...using SSL is a no brainer and finally, you
> > can embed
> > some sort of userid/password type of thing to go over with
> > the request.
> >
> > I'd personally recommend SOAP (PHP5's SOAP implementation is
> > servicable)
> > and if that won't fly then you can use XMLRPC.  PHP5 supports XMLPRC
> > (assuming the appropriate --with-xmlrpc option was given) and should
> > that fail then use PEAR's XMLRPC implementation:
> > http://pear.php.net/package/XML_RPC#results
> >
> > --Tony
> >
> > David Champion wrote:
> >
> > > [crosspostin']
> > >
> > > Dave J. Hala Jr. wrote [on the PHP list] :
> > >
> > >> Anyone using XML on one of their sites to exchange information with
> > >> other systems?
> > >>
> > >> Anyone sending an "XML query" (wrong terminology, I know)
> > to another
> > >> site, retrieving the data and inserting into their system?
> > >>
> > >> How do you handle the authenitication? What software you use on the
> > >> Linux system?
> > >>
> > >>
> > >> :) Dave
> > >
> > >
> > > I recall Dave Weis mentioned that he'd written a PHP/XML service
> > > recently.
> > >
> > > -dc
> > >
> > > _______________________________________________
> > > Cialug mailing list
> > > Cialug@cialug.org
> > > http://cialug.org/mailman/listinfo/cialug
> >
> >
> > _______________________________________________
> > Cialug mailing list
> > Cialug@cialug.org
> > http://cialug.org/mailman/listinfo/cialug
> >
>