OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] Elliotte Rusty Harold on Web Services

[ Lists Home | Date Index | Thread Index ]

On Fri, 31 Jan 2003 11:57:43 -0500, Rich Salz <rsalz@datapower.com> wrote:

> SOAP over HTTP is architecturally no worse than HTTP POST:  both are 
> sending data and requesting that a server act upon it.

Yup.  Is SOAP in an incompetently designed application and incompetently 
administered environment any worse than CGI, ASP, or any other tool for 
coupling client processing with server-side code via HTTP?

I *will* grant that the cavalier attitude toward security of the dominant 
tool vendors that make it all too easy to expose random bits of code as Web 
services is a Bad Thing. I would simply ask that people distinguish SOAP 
(the technology) from SOAP (the hype frenzy and all the bad stuff that 
follows from it) in a discussion such as this.

Also, note the rapidly evolving definition of "firewall" over the last 10 
years or so.  It was originally an IP-level source/destination filter, plus 
TCP-level port-blocking, then HTTP-level URI-filtering .... but firewalls 
are becoming XML/XPath-ware, SOAP-aware, and will surely soon understand 
specific SOAP header standards related to security (WS-Security, etc.).


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS