xml-dev - Re: [xml-dev] SOAP-RPC and REST and security

Re: [xml-dev] SOAP-RPC and REST and security

[ Lists Home | Date Index | Thread Index ]

To: xml-dev@lists.xml.org
Subject: Re: [xml-dev] SOAP-RPC and REST and security
From: Paul Prescod <paul@prescod.net>
Date: Wed, 20 Feb 2002 07:13:11 -0800
Cc: Joshua Allen <joshuaa@microsoft.com>
References: <FD1T74BAKHRQSO85UQU87OLJFWT1TDB.3c73aaaa@MChamp>

Mike Champion wrote:
> 
>...
> 
> It would appear that security is not a differentiator
> between RPC and REST at the *technical* level.  

REST is not a security silver bullet. SOAP services are not guaranteed
to be insecure. Nevertheless there are real, technical, security issues.
And there are real psychological and social issues as you point out. 

Bruce S. raised a serious technical issue that has not been refuted.
I've documented others in an essay here:

http://www.prescod.net/rest/security.html

Let me say again: REST is not a security silver bullet. SOAP services
are not guaranteed to be insecure.

But specifications and communities can encourage security and make it
easy or discourage it and make it hard. SOAP (whether RPC or
"messaging") does the latter.

 Paul Prescod

References:
- Re: RE: [xml-dev] SOAP-RPC and REST and security
  - From: Mike Champion <mc@xegesis.org>

Prev by Date: Re: [xml-dev] SOAP-RPC and REST and security
Next by Date: RE: [xml-dev] URIs are simply names was:Re:[xml-dev]"Abstract"URIs
Previous by thread: Re: RE: [xml-dev] SOAP-RPC and REST and security
Next by thread: RE: [xml-dev] SOAP-RPC and REST and security
Index(es):
- Date
- Thread