OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] What Does SOAP/WS Do that A REST System Can't?

[ Lists Home | Date Index | Thread Index ]

On Wed, Apr 13, 2005 at 10:54:26PM -0400, Rich Salz wrote:
> As I understand it, HTTP auth is somewhat extensible.  A client
> can make a request, and the server can respond with a challenge.
> The client uses that challenge to authenticate itself, re-issue
> the request, and verify the server's identity.
> How can the client get the server's identity before sending any
> "real" data?  A well-known URI or a new method? How can the server
> challenge the client to prove it's identity without requiring state
> on the server?
> I believe the very statelessness of HTTP and REST makes it
> impossible.

Architectural constraints such as statelessness, are constraints on
form, not function; what you're talking about *is* possible.  The
issue will be whether the larger message size in the stateless
solution will be acceptable or not.  How much state are you're talking

Mark Baker.   Ottawa, Ontario, CANADA.        http://www.markbaker.ca


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS