« Wider Thinking Required | Main | Free as in download it and read it »



This hypothesis of Ian's, and his other, "It's your job, do it." are mostly just restatements of yet another classic paper, by Saltzer (again!), Reed and Clark: "The End to End Argument in System Design".



Doh, should RTFA first. Of course, he refers to the paper directly.

Taken seriously, the end-to-end argument exposes some of the flawed use-cases and broken features built to accommodate them in WS-Security, the biggest of these being security architectures built around "intelligent" gateways and proxy appliances.

Like network firewalls, IPsec or WAFs, they may be useful in isolating, integrating or mitigating legacy apps that don't know how to do security, but are almost always worse than having applications take responsibility for their own security guarantees, end-to-end.

Marinus van Aswegen

In the brave new SOA world each endpoint (lego block) needs to take accountability for enforcing security controls. If you can compose a new application, what's stopping your adversary from doing the same?

The comments to this entry are closed.