[
Lists Home |
Date Index |
Thread Index
]
Cavnar-Johnson, John wrote:
> Probably something along these lines:
> http://www.counterpane.com/crypto-gram-0006.html
Oh, *that* piece. Sometimes Bruce stretches to make his points, as in:
That's right. Those pesky firewalls prevent applications from
sending commands to each other, so SOAP lets vendors hide those
commands as HTTP so the firewall won't notice.
which is wrong. SOAP over HTTP is architecturally no worse than HTTP
POST: both are sending data and requesting that a server act upon it.
There are an awful lot of members of the network security community
involved in an awful lot of WS/SOAP security standards; you can find a
partial survey at http://www.xml.com/pub/a/2003/01/15/ends.html ;
looking through some of those membership lists will find quite a few
well-regarded experts, even if not as well known to the general populace
as Bruce.
/r$
|
