----- Original Message ----- From: "Sam Ruby" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, May 15, 2002 11:14 AM Subject: Re: WSIF proposal
> Steve Loughran wrote: > > > > > > Is there an xml-commons to mirror jakarta-commons? > > > > and does it contain a sandbox to mirror jakarta-commons/sandbox? > > Not yet. > > More deeply, I'm wondering if xml and web services are emerging as separate > communities. I dont disagree. xml is foundational; web services are applied XML. I think axis is foundational too; there are some things I need to do that related to axis, but should not be part of it. Which means they shouldnt be in the CVS tree of people who shouldnt have to maintain it. There are a couple of things I am thinking of 1. classes for a higher level of interop. Even if we get the basics of section 5 and XSD interop going, there will always be the issue of hashtables and other collection classes, and worse of all the .net datset It would be good to have reference implementations a .net handler for an axis hashtable, and vice versa; an add on to add SwA to .net on the basis that MS wont do that, maybe even a java version of the dataset. Some of this stuff could go into axis, but the .net side of things is to fix their stack, not the apache one. 2. An apache authentication system; our alternative to Passport or the Liberty Alliance. I have a vision of a kerberos auth server you can run on your home server that any affiliate into the authentication federation can authenticate you against, plus iauthentication mplementations for tomcat and apache 2.0. rationale: 1. I dont see why the liberty alliance delivers significant choice over the passport monolith, just more integration grief. 2. if you can run publicly accessible web or soap server on a cable modem, you can host an auth server and provide an endpoint for value added services, such as email and messaging. 3. if you are running your own box you can use a more secure login process, like a securid based auth system, so you dont need to worry so much about password compromise 4. works nicely behind the firewall, stops people needing NTLM auth everywhere the vision is I could log in to any web site as [EMAIL PROTECTED] and the resolver would dns to that box, hit the auth server for a negotiated login, get back endpoints for messaging eiger.dnsalis.org/users/stevel/email eiger.dnsalis.org/users/stevel/im (notice I am not saying whether they are SOAP or REST urls) I think that is a fairly ambitious objective, and I have nothing even vaguely resembling time to work on it -at least for the next few months. But let's face it, who can you trust with your personal data but yourself, and who do you trust to implement a good zero cost server but Apache.
