Lists Home |
Date Index |
I didn't think I was arguing SOAP v REST. Tweaking some claims,
> Yes, Digest does include the URI in the hash.
The more correct synopsis would add "but Digest isn't practical"
> Yes, SLL is tied to the IP address of the server being accessed.
Here the text to add is "or an entity in 'front of' the server
terminating the SSL connection."
> And POE does exactly that, if you miss the reply to your POST
> then do your POST again, if you get a 405 then you know that the
> first POST went through and you can do a GET on the
> same URI to get the response body.
I don't think POE works without first doing a GET so that you
can get the POE-Links URL to tell you where to go if you're
POST doesn't get a response. Nor does POE have a strong way
to prevent anyone else from getting the response, either.
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html