
SOAP and Firewalls


Buried among the various debates was one point that I'd like to bring to
the forefront. Firewall avoidance is either part of SOAP's mission or it
isn't. Maybe SOAP uses HTTP as if it were a transport protocol merely
because it's "easier" to plug into HTTP-centric architectures than to
talk sockets (arguable, but anyhow). In that case firewall avoidance
would be an accident.

So here's a simple test we can do. If we can all come to consensus that
firewall avoidance is a BAD THING then we can put together a petition
that SOAP should use HTTP but simply on a different port. The SOAP
specification should say: "Applications of SOAP MUST NOT use port 80
unless they adhere to all of the semantics of HTTP.*"

This seems like common sense to me. If you're using HTTP's port a
responsible developer will follow HTTP semantics. If you're not, you
choose a different port. You can absolutely use HTTP tools, just don't
pass yourself off as HTTP. Yes, I know that SOAP isn't the only HTTP
abuser ... I really don't see that as an argument in favour of further
abuse!

All in favour? We can easily shut that loony Bruce Schneier up! And it
strikes me as a near boolean test of whether SOAP is "fer" firewall
security or "agen" it.

 Paul Prescod

* Semantics of HTTP: The addresses of all resources being manipulated
should be expressed in the end-point URI, not the SOAP body. POST should
not be used for safe, idempotent fetching of information.
