OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] SOAP-RPC and REST and security

[ Lists Home | Date Index | Thread Index ]

Joshua Allen wrote:
> > What are the universal units of access control in XML-based RPC in
> > general and SOAP in particular?
> Objects and Interfaces.  COM+ permits ACLs to be applied to business
> objects and methods on those objects.  I am sure EJB is the same.

Okay, I'll take the COM+ stuff offline. I'm looking at a manual that's
telling me I can't do what I want to do but I may misunderstand it.

> I see you saying that REST is inherently more secure than RPC, and
> further claiming that bruceS agrees with you.  I am just pointing out
> that you may be completely wrong on both.

It's clear that BruceS thinks that SOAP is security problem. He's in
favor of the lack of SOAP. I'm in favor of the lack of SOAP.
"Implementation of Microsoft SOAP, a protocol running over HTTP
precisely so it could bypass firewalls, should be withdrawn." Whether he
is an HTTP or XML fan, I can't speculate. He hasn't spoken out against

 Paul Prescod


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS