Lists Home |
Date Index |
- To: Rich Salz <firstname.lastname@example.org>
- Subject: Re: [xml-dev] What Does SOAP/WS Do that A REST System Can't?
- From: Joe Gregorio <email@example.com>
- Date: Wed, 13 Apr 2005 16:22:08 -0400
- Cc: "firstname.lastname@example.org" <email@example.com>
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=UyiPFYQuXdkrNcg9I/S2iiBVR2eNaIVMFotRQOHmYPqtFrCpW0NZIB6bmBbiMVvVGIV2JnHEeNzW5DIiDHBiDMm075UlEyEMVkoQYT00esn3AX02L1IIoUGQ7KzbWYkkwhrSch73WiI7c/HvIs3aYl4HsilD14LlSSPVhK+lfuQ=
- In-reply-to: <424C23E2.firstname.lastname@example.org>
- References: <email@example.com> <Pine.LNX.4.44L0.firstname.lastname@example.org> <email@example.com> <424C23E2.firstname.lastname@example.org>
- Reply-to: Joe Gregorio <email@example.com>
I keep coming back to this message and starting
to type out replies then deleting them before
sending. The claims you are making are rather
strange. Maybe you could explain how WS-* solves
these problems, that of POE and Authentication, so I
have something to compare against.
On 3/31/05, Rich Salz <firstname.lastname@example.org> wrote:
> Like Digest and BasicAuth, the two you mentioned require both parties to
> use that shared secret on every interaction. It's just like having to
> type your password into the shell after every command.
Thanks for the analysis of both these methods, but you missed the point.
I brought them up to demostrate that HTTP auth is extensible. If the current
schemes don't meet your requirements why aren't you working within
the HTTP framework to define an authentication mechanism that *does*
meet your needs.
Joe Gregorio http://bitworking.org