OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   Re: [xml-dev] What Does SOAP/WS Do that A REST System Can't?

[ Lists Home | Date Index | Thread Index ]
  • To: David Orchard <dorchard@bea.com>
  • Subject: Re: [xml-dev] What Does SOAP/WS Do that A REST System Can't?
  • From: Joe Gregorio <joe.gregorio@gmail.com>
  • Date: Wed, 13 Apr 2005 21:24:57 -0400
  • Cc: Rich Salz <rsalz@datapower.com>, xml-dev@lists.xml.org
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=axD056RGIy4eSa6HNMZJiyul/P8O5jolVLz62mAwp4KrfIAe4kqPZu0sQ8F0DPvpdFKMIATgVlA+AlCaZd/uroLEEqT3Hu2TyUIWiIq6IcUIb1JVj6szMLjiPlka8qavRL2UJAXHwFYWUdWzxpp9fhumehCKIMzdADkThBbP38Y=
  • In-reply-to: <32D5845A745BFB429CBDBADA57CD41AF0EE91728@ussjex01.amer.bea.com>
  • References: <32D5845A745BFB429CBDBADA57CD41AF0EE91728@ussjex01.amer.bea.com>
  • Reply-to: Joe Gregorio <joe.gregorio@gmail.com>

On 4/13/05, David Orchard <dorchard@bea.com> wrote:
> Do you really think that HTTP can move to a new version, aka HTTP 1.2?

What does a new version of HTTP have anything to do with the 
questions Rich has been asking?
 
> And isn't the work in Web services a proper use of the HTTP Framework to
> define an authentication mechanism?

From a purely practical perspective I can see moving
security to a different level if it makes sense, for example, TLS works
at a level below HTTP. My question, to reiterate:

HTTP has an extensible authentication mechanism. What about
that mechanism is so inadequate that you can't use it to build
an authentication mechanism that meets your requirements?

   Thanks,
   -joe

> Dave
> 
> > -----Original Message-----
> > From: Joe Gregorio [mailto:joe.gregorio@gmail.com]
> > Sent: Wednesday, April 13, 2005 1:22 PM
> > To: Rich Salz
> > Cc: xml-dev@lists.xml.org
> > Subject: Re: [xml-dev] What Does SOAP/WS Do that A REST System Can't?
> >
> > Rich,
> >    I keep coming back to this message and starting
> > to type out replies then deleting them before
> > sending. The claims you are making are rather
> > strange. Maybe you could explain how WS-* solves
> > these problems, that of POE and Authentication, so I
> > have something to compare against.
> >
> >
> > On 3/31/05, Rich Salz <rsalz@datapower.com> wrote:
> > > Like Digest and BasicAuth, the two you mentioned require both
> parties to
> > > use that shared secret on every interaction.  It's just like having
> to
> > > type your password into the shell after every command.
> >
> > Thanks for the analysis of both these methods, but you missed the
> point.
> > I brought them up to demostrate that HTTP auth is extensible. If the
> > current
> > schemes don't meet your requirements why aren't you working within
> > the HTTP framework to define an authentication mechanism that *does*
> > meet your needs.
> >
> >    Thanks,
> >    -joe
> >
> > --
> > Joe Gregorio        http://bitworking.org
> >
> > -----------------------------------------------------------------
> > The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> > initiative of OASIS <http://www.oasis-open.org>
> >
> > The list archives are at http://lists.xml.org/archives/xml-dev/
> >
> > To subscribe or unsubscribe from this list use the subscription
> > manager: <http://www.oasis-open.org/mlmanage/index.php>
> 


-- 
Joe Gregorio        http://bitworking.org




 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS