OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   Re: [xml-dev] REST has too many verbs

[ Lists Home | Date Index | Thread Index ]

Gavin Thomas Nicol wrote:
> 
> On Monday 11 February 2002 04:16 pm, Simon St.Laurent wrote:
> > On Mon, 2002-02-11 at 13:44, Paul Prescod wrote:
> > > Every message should result in a new URI. The URI represents the
> > > current state of the transaction. You point to the last URI you
> > > got.
> >
> > That's sort of vaguely usable, though I don't think I'd want to
> > implement anything deeply recursive on that.
> 
> Actually, the above is bogus because the URI has gone from being
> opaque to encoding application state (to those that understand the
> application) and you may or may not wish to disclose that to an
> intermediary.

Really? Here's one from Expedia. It's half-way through a transaction.
Please tell me what the details of the transaction:

http://www.expedia.ca/pub/agent.dll?qscr=fstr&itid=34958964&bkmd=2&zz=1013489956491

Hint: don't spend all day trying to decrypt it. The information you are
not looking for is not in there. Even Microsoft is not that stupid.

> > Sure.  And if someone else comes along and changes the state out
> > from under your label, how much good is your label?
> 
> Which is what a malicious intermediary can do. As soon as you use SSL,
> visibility is gone...

Of course. You use the right tool for the job. But you can also speak to
*intermediaries* through SSL.

 Paul Prescod




 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS