OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   Re: [xml-dev] SOAP-RPC and REST and security

[ Lists Home | Date Index | Thread Index ]

On Wednesday 20 February 2002 05:09 pm, Joshua Allen wrote:
> I just find the idea that REST would be
> inherently more secure than RPC (or likewise, RPC more secure than
> REST) objectionable.  It is possible to make arguments for or
> against either architecture's inherent security.  

Fundamentally the security models are exactly the same. The only area 
where REST might have an edge is in using short-lived URI's to refer 
to particular states in a process... essentially scoping the URI to 
the transaction and the client session. If HTTP is used for REST 
though, it's pretty much wide-open (people can always capture the 
URI's) unless you use SSL, in which case SOAP and REST are again 
equivalent.




 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS