OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] SOA and the Single URL

[ Lists Home | Date Index | Thread Index ]

Rich Salz wrote:
>> So each message, no matter the size, should be parsed to determine 
>> authorization, authentication and validity? As opposed to 
>> stopping/redirecting a request based on the URL/request-credentials 
>> before a parse happens?
> Should be?  Even I'd be reluctant to use something other than "may."
> If your gateway facility is fast enough to handle the traffic, than you 
> can get significant performance gains by offloading stuff like you 
> mention from your application servers.  A J2EE server is not usually the 
> most performant place to do a WS-Security signature validation.
> There are security benefits, too.  Put the router into your DMZ and you 
> prevent bad messages from even getting onto your network.  Pass all XML 
> traffic through it and you have a guaranteed policy enforcement point.

OK, I can see what you are saying. Is there some facility to 
deny/turn-off processing for a type of DoS attack? Say something is 
sending you several complex, large messages - what happens to the gateway?


> But definitely, not everyone needs or wants to do this.  It's all about 
> engineering trade-offs.
>     /r$


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS