Rich, as you might have guessed from the title, is talking about security regarding XML and web services.
I'm actually surprised that this is still a problem for people.
Maybe I'm just a visionary...
Maybe I just see the world from a higher vantage point...
...but I don't think that this stuff is that hard.
You want secure web services?
Check this out, yo':
1. Spec out your API and publish the documents - do not, I repeat, do not write any code
2. Get a domain name for your web services project
3. Begin selling the hell out of your service
4. When your customers call in to tech support to say that they're having problems hooking their clients into your system, tell them that it's probably because they need to "grok" WS-Securitamajiggy, WS-PasswordScramblanator, WS-KeepTheHax0rzOut, and WS-YouAreSomeGullibleBastards.
At this point, you might be asking yourself, "How does this lead to better security?"
The answer, as only an industry luminary such as myself could possibly see, is basically Zen:
The best security in the universe is to not have an application to break into in the first place.
DUH. Think, people... THINK. I'm tired of carrying the weight of this industry on my shoulders.
Also, if you don't like the solution I've presented here, then you can do what the AS400 admins did at a company where I had a contract in the past: Lock the system down so tightly that the only way to make it more secure would be to unplug it.
There's nothing quite like a machine that even the admins can't get into.
You can also try this:

[Image: Local security expert, Donald Pipskin, sharing his security secrets with the world]