Lists Home |
Date Index |
Gavin Thomas Nicol wrote:
> The problem here is security. Once you open things up, you have to
> deal with the issue of disclosure of resources. Intermediaries
> complicate the problem too (already do in the web. Who knows whose
> spoofing whom).
I don't really know how HTTP makes this any harder than anything else.
At least HTTP has a security model. Security for RPC seems a very
difficult (intractable?) problem. HTTP has a very understandable but
flexible security model. I would say that many services need nothing
more complex than "rwx" ACLs.
> ... Peer-to-peer HTTP is fine for asycnronous work (I POST
> a request, you POST a response), but there are issues in the apparent
> simplicity. Those kinks need to get ironed out before this really
> takes off.
I agree. But the cost of ironing out a few kinks is already dwarfed by
the amount of money that has been poured into SOAP RPC.