Re: What Does SOAP/WS Do that A REST System Can't?

To: Rich Salz <rsalz@d...>
Subject: Re: What Does SOAP/WS Do that A REST System Can't?
From: Joe Gregorio <joe.gregorio@g...>
Date: Wed, 30 Mar 2005 22:36:06 -0500
Cc: Mark Baker <distobj@a...>, "xml-dev@l..." <xml-dev@l...>
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=EG2aJCRN+8LCxnU+6HhJ75NwSukBy8sRZLmu7jwJ5iDT6aIF60O0fzCkIPxYCe+uVHBrskhZB1iztO2yGtCwIITIUJyH7TAWrXm5X/BQr7TScgliyVnJfxuVGley6iZHAh+0Whu07BpIKiWHZrgkl7omtXRN7q4cydrEa9SOayg=
In-reply-to: <Pine.LNX.4.44L0.0503301841520.25605-100000@s...>
References: <20050330230147.GB9251@m...> <Pine.LNX.4.44L0.0503301841520.25605-100000@s...>
Reply-to: Joe Gregorio <joe.gregorio@g...>

Play the video

On Wed, 30 Mar 2005 21:33:59 -0500 (EST), Rich Salz
<rsalz@d...> wrote:
> But what if the Credit Card company is building its back office around
> HTTP and REST?  They *can't* resubmit and let someone else work it out. :)
> Note that I'm not talking about transactions, rollback, etc., I just
> want to know if the damn message got there and what the answer was.
> I'd also like to avoid message replay.

I believe POE fulfills that requirement:

   http://www.mnot.net/blog/2005/03/21/poe
 
> HTTP has no way to provide end-to-end security of the Request URI.
> That means you can't do a GET and have any cryptographically based
> way to be sure that (a) the URI wasn't modified in-flight; and (b)
> that nobody else will see it (i.e., signing and encryption).  SSL/TLS
> is only hop-by-hop.  If there are any proxies or loadbalancers in the
> path, at least some of them will get the plaintext.

As far as (a) is concerned, doesn't Digest include the URI in the hash?

As far as (b) is concerned, isn't the SLL certificate tied to the IP address 
of the server being accessed?

   -joe

-- 
Joe Gregorio        http://bitworking.org

Follow-Ups:
- Re: What Does SOAP/WS Do that A REST System Can't?
  - From: Rich Salz <rsalz@d...>

References:
- Re: What Does SOAP/WS Do that A REST System Can't?
  - From: Mark Baker <distobj@a...>
- Re: What Does SOAP/WS Do that A REST System Can't?
  - From: Rich Salz <rsalz@d...>

Prev by Date: Re: What Does SOAP/WS Do that A REST System Can't?
Next by Date: Re: What Does SOAP/WS Do that A REST System Can't?
Previous by thread: Re: What Does SOAP/WS Do that A REST System Can't?
Next by thread: Re: What Does SOAP/WS Do that A REST System Can't?
Index(es):
- Date
- Thread

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Subscribe in XML format

RSS 2.0
Atom 0.3

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.

Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.


	Stylus Studio® Developer Network \| Contact Us \| Email this page