xml-dev - Re: [xml-dev] SOAP-RPC and REST and security

Re: [xml-dev] SOAP-RPC and REST and security

[ Lists Home | Date Index | Thread Index ]

To: xml-dev@lists.xml.org
Subject: Re: [xml-dev] SOAP-RPC and REST and security
From: Paul Prescod <paul@prescod.net>
Date: Wed, 20 Feb 2002 09:25:23 -0800
References: <4F4182C71C1FDD4BA0937A7EB7B8B4C1045A0B44@red-msg-08.redmond.corp.microsoft.com>

Joshua Allen wrote:
> 
> > What are the universal units of access control in XML-based RPC in
> > general and SOAP in particular?
> 
> Objects and Interfaces.  COM+ permits ACLs to be applied to business
> objects and methods on those objects.  I am sure EJB is the same.

Okay, I'll take the COM+ stuff offline. I'm looking at a manual that's
telling me I can't do what I want to do but I may misunderstand it.

>...
> I see you saying that REST is inherently more secure than RPC, and
> further claiming that bruceS agrees with you.  I am just pointing out
> that you may be completely wrong on both.

It's clear that BruceS thinks that SOAP is security problem. He's in
favor of the lack of SOAP. I'm in favor of the lack of SOAP.
"Implementation of Microsoft SOAP, a protocol running over HTTP
precisely so it could bypass firewalls, should be withdrawn." Whether he
is an HTTP or XML fan, I can't speculate. He hasn't spoken out against
them.

 Paul Prescod

References:
- RE: [xml-dev] SOAP-RPC and REST and security
  - From: "Joshua Allen" <joshuaa@microsoft.com>

Prev by Date: RE: [xml-dev] regd security while transmitting XML Data
Previous by thread: RE: [xml-dev] SOAP-RPC and REST and security
Next by thread: RE: [xml-dev] SOAP-RPC and REST and security
Index(es):
- Date
- Thread