OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] What Does SOAP/WS Do that A REST System Can't?

[ Lists Home | Date Index | Thread Index ]

On Thu, 31 Mar 2005 01:00:29 -0500 (EST), Rich Salz <rsalz@datapower.com> wrote:
> I didn't think I was arguing SOAP v REST.  Tweaking some claims,
> perhaps. :)
> >   Yes, Digest does include the URI in the hash.
> The more correct synopsis would add "but Digest isn't practical"

For your context in which you are working that may be true, and I accept that.

> >   Yes, SLL is tied to the IP address of the server being accessed.
> Here the text to add is "or an entity in 'front of' the server
> terminating the SSL connection."

You have mentioned this before, but is there anything 
which stops you from using TLS/SSL on all the hops
*after* the firewall?

> > And POE does exactly that, if you miss the reply to your POST
> > then do your POST again, if you get a 405 then you know that the
> > first POST went through and you can do a GET on the
> > same URI to get the response body.
> I don't think POE works without first doing a GET so that you
> can get the POE-Links URL to tell you where to go if you're
> POST doesn't get a response.  

That first GET is for the hypertext that contains the POE link, correct.
That's part of the 'hypermedia as the engine of application state", but
let's not go there :)

> Nor does POE have a strong way
> to prevent anyone else from getting the response, either.

I understand that you have issues with the current authentication
and encryption mechanisms for HTTP. 

What I don't understand is the underlying assumption that 
Basic and Digest are the end of the line for HTTP authentication. 
RFC 2617 not only defines Basic and Digest but puts in 
place a framework for adding new mechanisms.
In fact, two such extensions have been proffered during the course
of the Atom discussions[1][2], with the WSSE based mechanism being
adopted by TypePad and, until recently, Blogger. Blogger has since
switched to using Basic over SSL.


[1] http://bitworking.org/news/New_AtomAPI_Implementation_Release2
[2] http://www.xml.com/pub/a/2003/12/17/dive.html

Joe Gregorio        http://bitworking.org


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS