[
Lists Home |
Date Index |
Thread Index
]
"Bullard, Claude L (Len)" wrote:
>
>...
>
> 1. MS, IBM, et al are choosing UDDI/SOAP. Why?
> They haven't said. They say it works.
I think that Michael Champion addressed this admirably. They haven't
acknowledged that the problem domain has shifted beyond the solutions
they used for LAN stuff.
>...
> "Work properly" seems desirable. So far,
> no one has stepped up to prove that UDDI/SOAP
> won't work properly.
I guess we'll have to try it and see. To me, building complicated apps
will be very difficult with technologies that:
a) have no notion of references, pointers or object interfaces
b) force users to invent namespaces for their data objects rather than
using the global one.
Every time I try to envision how to shoe-horn real business problems
into this model I see no advantages. It's more primitive than networking
technologies of decades ago.
> ... And if I understand
> the implications of using HTTP/URI pure it will
> be more work to achieve the same results as
> the transactions become complex.
No, I feel it is the opposite. RPCs are easier when the transactions are
simpler. The advantage goes away as they get complicated and the address
space management problems grow.
> ... You say it
> will open up security holes, won't scale, etc.
> I say, keep it coarse grained and it can work
> well because the scale issue is less important.
We're 100% in agreement. XML/HTTP strongly encourages course
granularity. Doing a one-param integer method call in the XML/HTTP
fashion is somewhat painful. Submitting a purchase order is so natural
that it doesn't take much thought. POST mypo.xml
> As to security, what about WS-Signature which
> the W3C just released?
Security isn't a checkbox that one standard turns on or off. It's a
discipline.
Every sysadmin understands how to apply security to locations through
ACLs and some advanced ones know how to use capabilities. What is the
equivalent of ACLs for RPC? How easy is it to use and configure?
Security is as much about people as technology. If RPC forces you to
invent your own namespace in parameters then it also forces you to
invent an ACL model (or other security strategy) for the things you've
invented names for.
Paul Prescod
|
