xml-xindice-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Honglin Ye <...@aoc.nrao.edu>
Subject Re: access control in xindice
Date Wed, 11 Feb 2004 15:34:38 GMT
Murray Altheim wrote:

> Vadim Gritsenko wrote:
> 
>> JC Tchitchiama wrote:
> 
> [...]
> 
>>> One other thing that may be considered is an xml-security layer at 
>>> the document level. A documents can be signed (to prevent fraudulent 
>>> changes) or indeed encrypted to allow only folks with the right 
>>> public key to access (read/edit) the document.
>>
>>
>> I think xml-security is outside of the scope of Xindice: you can 
>> implement xml-security on top of Xindice, in your application.
>> Another option might be a driver which wraps another driver and 
>> provides xml-security encryption / decryption transparantly.
> 
> 
> I agree. I'd much rather have any development time spent on getting
> 1.1 completely up and running, fixing bugs, improving performance
> and existing features like indexing, before anybody starts heading
> down paths that are complete projects in their own right. Vadim has
> been putting enormous energy into just keeping Xindice from dying as
> a project. The idea of branching off on only orthogonally-related
> things like security prior to even a 2.0 release seems very premature.
> Stability and performance are a lot more important.
> 
> Murray
> 
> ......................................................................
> Murray Altheim                    http://kmi.open.ac.uk/people/murray/
> Knowledge Media Institute
> The Open University, Milton Keynes, Bucks, MK7 6AA, UK               .
> 
>  "I'm a war president. I make decisions here in the Oval Office
>   in foreign policy matters with war on my mind." -- George W. Bush
>   http://news.bbc.co.uk/1/hi/world/americas/3470139.stm
> 
>  "This is the new Mein Kampf. Only Hitler did not have nuclear
>   weapons. It's the scariest document I've ever read in my life."
>         -- Dr. Helen Caldicott, referring to the Project for the
>   New American Century report entitled "Rebuilding America's
>   Defenses: Strategy, Forces and Resources For a New Century"
>   http://home.earthlink.net/~platter/neo-conservatism/pnac.html
> 
>     "This report proceeds from the belief that America should seek
>      to preserve and extend its position of global leadership by
>      maintaining the preeminence of U.S. military forces." [op. cit.]
> 
>     "[...] and advanced forms of biological warfare that can target
>      specific genotypes may transform biological warfare from the
>      realm of terror to a politically useful tool." [op. cit.]
> 
>  "This is a blueprint for US world domination."
>   http://www.guardian.co.uk/comment/story/0,3604,1036571,00.html
> 
> 
> 
> 
xml-security is a too-big topic. I am thinking how to prevent un-wanted
query. As it stands now, Any one who knows the hostName and portNumber
can query/update documents inside, by using either a commandline tool or
a slightly modified java-api. (assume that he is inside the firewall, or
he is outside firewall but the port used is open)

Honglin


Mime
View raw message