


The lack of security focus is IMHO the Achilles heel of XML. Although I haven't looked at the WS-security stuff, I did look at the related encryption and signing standards for XML. No thanks.

As a sort of experiment, I and others wrote XML-X.org which does 3 party payments in XML for a basic web-based payment system. It works relatively well, but the security side rested heavily on OO-style wrappers for each packet, and then conversion to a later semantic processing engine.

Fundamentally, the promise of XML over some own format is not clear. To create own formats in languages is easier than employing XML parsers, and more controlled and more secure. I sympathise with his comment about the average programmer... but I don't think the average programmer has an easier time with XML than without, if properly supported.
