xml-dev - Re: [xml-dev] SOAP-RPC and REST and security

Re: [xml-dev] SOAP-RPC and REST and security

[ Lists Home | Date Index | Thread Index ]

To: xml-dev@lists.xml.org
Subject: Re: [xml-dev] SOAP-RPC and REST and security
From: Gavin Thomas Nicol <gtn@rbii.com>
Date: Wed, 20 Feb 2002 17:32:27 -0500
In-reply-to: <D7155AD41ECFD511AF4A00B0D0202CB51DFE12@MAILHOST>
Organization: Red Bridge Interactive, Inc.
References: <D7155AD41ECFD511AF4A00B0D0202CB51DFE12@MAILHOST>

On Wednesday 20 February 2002 04:33 pm, Michael Brennan wrote:
> > I talked to an EJB expert about REST. We were talking about
> > security models. I described how REST has a natural ACL or
> > capabilities model. What's the natural model of RMI (which is
> > basically OO RPC with class distribution)?

An RPC {host,method) pair is roughly akin to a capability...  in fact 
in one of our products we use this id to protect method calls over RMI.

That said, both the above and REST are flawed as a capability-based 
system because of the arbitrary discoverability holes.

References:
- RE: [xml-dev] SOAP-RPC and REST and security
  - From: Michael Brennan <Michael_Brennan@Allegis.com>

Prev by Date: RE: [xml-dev] Re: [namespaceDocument-8] 14 Theses
Next by Date: Re: [xml-dev] SOAP-RPC and REST and security
Previous by thread: RE: [xml-dev] SOAP-RPC and REST and security
Next by thread: RE: [xml-dev] SOAP-RPC and REST and security
Index(es):
- Date
- Thread