[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: SOAP-RPC and REST and security

• To: xml-dev@l...
• Subject: Re: SOAP-RPC and REST and security
• From: Paul Prescod <paul@p...>
• Date: Wed, 20 Feb 2002 09:25:23 -0800
• References: <4F4182C71C1FDD4BA0937A7EB7B8B4C1045A0B44@r...>

Joshua Allen wrote:
> 
> > What are the universal units of access control in XML-based RPC in
> > general and SOAP in particular?
> 
> Objects and Interfaces.  COM+ permits ACLs to be applied to business
> objects and methods on those objects.  I am sure EJB is the same.

Okay, I'll take the COM+ stuff offline. I'm looking at a manual that's
telling me I can't do what I want to do but I may misunderstand it.

>...
> I see you saying that REST is inherently more secure than RPC, and
> further claiming that bruceS agrees with you.  I am just pointing out
> that you may be completely wrong on both.

It's clear that BruceS thinks that SOAP is security problem. He's in
favor of the lack of SOAP. I'm in favor of the lack of SOAP.
"Implementation of Microsoft SOAP, a protocol running over HTTP
precisely so it could bypass firewalls, should be withdrawn." Whether he
is an HTTP or XML fan, I can't speculate. He hasn't spoken out against
them.

 Paul Prescod

• References:
  • RE: SOAP-RPC and REST and security
    • From: "Joshua Allen" <joshuaa@m...>

• Prev by Date: RE: regd security while transmitting XML Data
• Next by Date: Re: Use of © in XML/XSLT
• Previous by thread: RE: SOAP-RPC and REST and security
• Next by thread: RE: SOAP-RPC and REST and security
• Index(es):
  • Date
  • Thread