Evolution of XML and Security

I've been starting do dive into the XML world quite a bit lately. It started with a random interest and has lead to working with Web services, XSL-T, XSD, and several other acronyms. I'm sure this will continue to several other levels of acronyms (WSDL, etc.). Perhaps the most interesting thing I have to say to date is this: same but different. Basically, no matter what you are programming in/to/on, it is still programming. Logical statements that affect the data around you. The different part is related to the level of interoperability and extensibility. I know this is quite obvious to most of the world out there, but the nature of the development work done is altered by the fact that this data is open. No longer can the developer sit in a little isolated world and let the network admins worry about security.

Don't get me wrong, there will always be security at the network level. The problem is that security is not only who you are, but what you are using to get to the data. Tie that to the ability to trust a partner to vouch for a third party, you now end up with varying degrees of trust in telling who you are, different access methods, and all the while locking down the same functions depending on the combinations above. It's no wonder that security analysts and developers are in hot demand these days. It seems like (and there probably is and I just haven't gotten to it yet) there should be some X-acronym to describe what kind of access a type of person should have given different access methods. You could call it Extensible Security Description Language (XSDL). Oh wait, those four letters are already taken. I guess the world of acronyms is just too crowded. How about XSec and deviate from the norm?

Alright, enough of that topic for now.