OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] Generality of HTTP

[ Lists Home | Date Index | Thread Index ]

Gavin Thomas Nicol wrote:
> The problem here is security. Once you open things up, you have to
> deal with the issue of disclosure of resources. Intermediaries
> complicate the problem too (already do in the web. Who knows whose
> spoofing whom). 

I don't really know how HTTP makes this any harder than anything else.
At least HTTP has a security model. Security for RPC seems a very
difficult (intractable?) problem. HTTP has a very understandable but
flexible security model. I would say that many services need nothing
more complex than "rwx" ACLs.

> ... Peer-to-peer HTTP is fine for asycnronous work (I POST
> a request, you POST a response), but there are issues in the apparent
> simplicity. Those kinks need to get ironed out before this really
> takes off.

I agree. But the cost of ironing out a few kinks is already dwarfed by
the amount of money that has been poured into SOAP RPC.

 Paul Prescod


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS