[
Lists Home |
Date Index |
Thread Index
]
- From: "Dick Brooks" <dick@8760.com>
- To: "John D. Gwinner" <JGwinner@dazsi.com>, "Jonathan Borden" <jborden@mediaone.net>, <xml-dev@xml.org>
- Date: Tue, 9 May 2000 14:32:58 -0500
John D. Gwinner wrote:
>If everything that you consider important was built into SOAP from the
>beginning, it would make implementation of somethings harder, which in our
>E-Commerce case we do not want. It wouldn't be "Simple".
Perhaps we have different views of E-Commerce. I base my view on having
provided E-Commerce solutions to the Energy and Healthcare industries since
1996. Encryption, authentication, data integrity and non-repudiation are
REQUIREMENTS for E-Commerce within these industries. I'm not saying SOAP
CAN'T be used in E-Commerce, it certainly can be used to invoke a method on
an Internet portal, the same way people use CGI today. If your needs fall
into this "portal scope" of E-Commerce then "lather up". But, IMHO, SOAP is
inadequate with regard to Healthcare and Energy E-commerce REQUIREMENTS.
>somewhere else. If you want authentication, encryption, and
non-repudiation,
>can't you just build this into a payload? (Maybe you can't, this is an
honest
>question).
This is the problem! There is no standard way to represent signed/encrypted
datum following the S/MIME or OpenPGP standards within SOAP. The ebXML
initiative is providing a solution that will allow signed/encrypted XML
payloads.
As I stated earlier, SOAP works for a certain class of "unsecure"
E-Commerce, but is seriously lacking for "secure" E-Commerce. I think SOAP
is a great "RPC - Next Generation" (RPC-NG) offering, which I would not
hesitate to use in a safe/secure corporate network. I would never use SOAP
to build an E-Commerce solution on the Internet!
These are my opinions,
Dick Brooks
http://www.8760.com/
-----Original Message-----
From: John D. Gwinner [mailto:JGwinner@dazsi.com]
Sent: Tuesday, May 09, 2000 12:08 PM
To: Dick Brooks (E); Jonathan Borden; xml-dev@xml.org
Subject: RE: SOAP, plague, love
> -----Original Message-----
> From: owner-xml-dev@xml.org [mailto:owner-xml-dev@xml.org]On Behalf Of
> Dick Brooks (E)
> Sent: Sunday, May 07, 2000 2:35 PM
> To: Jonathan Borden; xml-dev@xml.org
> Subject: RE: SOAP, plague, love
>
>
> Jonathan,
>
> I agree with your assessment. It points out that SOAP by itself is
> inadequate for E-Commerce applications and must be augmented by another
> technology (XMTP is a great example and it's a fine peice of work). You
> really should consider sending XMTP to W3C as a working draft. FYI - I
> referenced XMTP in the ebXML packaging spec as a possible solution to
create
> a pure XML packaging solution.
Dick, I'm glad that it is "Inadequate" by your measure, because if it was,
some of the E-Commerce that we are doing would be much more difficult. SOAP
is just a way to get understandable messages back and forth (from
*anything*) - what you do with the message that we craft is up to each of
us.
If everything that you consider important was built into SOAP from the
beginning, it would make implementation of somethings harder, which in our
E-Commerce case we do not want. It wouldn't be "Simple".
It's like saying that ethernet cards are inadequate for your E-Commerce
because they don't have encryption built in. They shouldn't - that piece
goes
somewhere else. If you want authentication, encryption, and
non-repudiation,
can't you just build this into a payload? (Maybe you can't, this is an
honest
question).
Why are we discussing this here instead of on the SOAP list?
== John ==
***************************************************************************
This is xml-dev, the mailing list for XML developers.
To unsubscribe, mailto:majordomo@xml.org&BODY=unsubscribe%20xml-dev
List archives are available at http://xml.org/archives/xml-dev/
***************************************************************************
|
