XML Security Gateways

6tc1_at_qlink.queensu.ca
Date: 08/26/04

    Date: 26 Aug 2004 12:24:01 -0700
    
    

    Hey all, I just got finished reading this article here:
    http://www.forrester.com/Research/Document/0,7211,34108,00.html

    I don't think you can access the page without an account -
    but basically the author says that many XML security vendors are
    indicating that using an XML security gateway is a good way to keep
    Developers from coding security.

    The overall message in this article seems to be that:
    a) the author doesn't think that these XML security gateway vendors are
    correct in their suggestion of the way to remove developers from doing
    security
    b) the author thinks that Developers _should_ be removed from coding
    security.

    My questions are:
    1. What exactly are "XML Security Gateways" other than devices like
    IDS's and firewalls that can be configured using web services (i.e.
    using SOAP)?
    Is that all an "XML Security Gateway" is?

    2. Why is it such a good idea to keep developers out of security? I
    think it is important that developers are very security conscious and
    ensure that they apply secure coding practices. I don't think that he
    means that developers shouldn't be administering security (which would
    make sense to me) - because he goes on to say:
    "They are quite right that you should keep developers away from coding
    for security, but even without an XML security gateway, this can be
    accomplished if you..."

    If anyone has any information on questions one or two then I would
    appreciate the information as I was fairly confused by this article.

    Thanks,
    Novice

    PS The article title is "Keeping Developers out of Security"

