OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   Re: [xml-dev] SOAP-RPC and REST and security

[ Lists Home | Date Index | Thread Index ]

Mike Champion wrote:
> 
>...
> 
> It would appear that security is not a differentiator
> between RPC and REST at the *technical* level.  

REST is not a security silver bullet. SOAP services are not guaranteed
to be insecure. Nevertheless there are real, technical, security issues.
And there are real psychological and social issues as you point out. 

Bruce S. raised a serious technical issue that has not been refuted.
I've documented others in an essay here:

http://www.prescod.net/rest/security.html

Let me say again: REST is not a security silver bullet. SOAP services
are not guaranteed to be insecure.

But specifications and communities can encourage security and make it
easy or discourage it and make it hard. SOAP (whether RPC or
"messaging") does the latter.

 Paul Prescod




 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS