1 Nov
2007
1 Nov
'07
9:32 p.m.
Marty Humphrey wrote:
Right -- " Are you concerned with the inclusion of the username/password in the URI string in the JSDL?" No. It's over https by definition.
A little more broadly, I am concerned that someone could semi-legitimately accuse the HPC Profile effort of "mandating insecurity".
Might be worth considering webdav, since that's (almost) http(s) and yet is known to support bidirectional transfers (the semantics of which are messier with http). Longer term, an extension to JSDL to allow the embedding of EPRs would allow for something much more sophisticated, as I think there's something in the WS-Zoo that allows the embedding of credentials (or methods of obtaining them) in EPRs. But not this year. :-) Donal.