Cart
|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] SOAP and Firewalls
 Buried among the various debates was one point that I'd like to bring to the forefront. Firewall avoidance is either part of SOAP's mission or it isn't. Maybe SOAP uses HTTP as if it were a transport protocol merely because it's "easier" to plug into HTTP-centric architectures than to talk sockets (arguable, but anyhow). In that case firewall avoidance would be an accident. So here's a simple test we can do. If we can all come to consensus that firewall avoidance is a BAD THING then we can put together a petition that SOAP should use HTTP but simply on a different port. The SOAP specification should say: "Applications of SOAP MUST NOT use port 80 unless they adhere to all of the semantics of HTTP.*" This seems like common sense to me. If you're using HTTP's port a responsible developer will follow HTTP semantics. If you're not, you choose a different port. You can absolutely use HTTP tools, just don't pass yourself off as HTTP. Yes, I know that SOAP isn't the only HTTP abuser ... I really don't see that as an argument in favour of further abuse! All in favour? We can easily shut that loony Bruce Schneier up! And it strikes me as a near boolean test of whether SOAP is "fer" firewall security or "agen" it. Paul Prescod * Semantics of HTTP: The addresses of all resources being manipulated should be expressed in the end-point URI, not the SOAP body. POST should not be used for safe, idempotent fetching of information. 
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! 
Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||
