xml-dev - Re: [xml-dev] SOAP-RPC and REST and security

Re: [xml-dev] SOAP-RPC and REST and security

[ Lists Home | Date Index | Thread Index ]

To: <xml-dev@lists.xml.org>
Subject: Re: [xml-dev] SOAP-RPC and REST and security
From: Gavin Thomas Nicol <gtn@rbii.com>
Date: Wed, 20 Feb 2002 17:51:29 -0500
In-reply-to: <4F4182C71C1FDD4BA0937A7EB7B8B4C1045A0C73@red-msg-08.redmond.corp.microsoft.com>
Organization: Red Bridge Interactive, Inc.
References: <4F4182C71C1FDD4BA0937A7EB7B8B4C1045A0C73@red-msg-08.redmond.corp.microsoft.com>

On Wednesday 20 February 2002 05:09 pm, Joshua Allen wrote:
> I just find the idea that REST would be
> inherently more secure than RPC (or likewise, RPC more secure than
> REST) objectionable.  It is possible to make arguments for or
> against either architecture's inherent security.  

Fundamentally the security models are exactly the same. The only area 
where REST might have an edge is in using short-lived URI's to refer 
to particular states in a process... essentially scoping the URI to 
the transaction and the client session. If HTTP is used for REST 
though, it's pretty much wide-open (people can always capture the 
URI's) unless you use SSL, in which case SOAP and REST are again 
equivalent.

References:
- RE: [xml-dev] SOAP-RPC and REST and security
  - From: "Joshua Allen" <joshuaa@microsoft.com>

Prev by Date: Re: [xml-dev] RDDL: minor update
Next by Date: Re: [xml-dev] SOAP-RPC and REST and security
Previous by thread: RE: [xml-dev] SOAP-RPC and REST and security
Next by thread: RE: [xml-dev] SOAP-RPC and REST and security
Index(es):
- Date
- Thread