W3C home > Mailing lists > Public > www-ws-arch@w3.org > May 2002

RE: SOAP and transfer/transport protocols

From: Joe Meadows <joe.meadows@boeing.com>
Date: Wed, 29 May 2002 15:27:00 -0700
Message-ID: <3CF555B4.5040307@boeing.com>
To: www-ws-arch@w3.org

 >Right, so we're back to the question of "allowing the semantics of each hop
 >in the route to be dictated by the protocol in use on that hop."   You seem
 >to believe that there is a tangible advantage to using different application
 >protocols on each hope rather than using the same SOAP-based
 >(object-specific) application protocol across all the hops.  I'm trying to
 >understand what that advantage is.
 >
 >You say that it "becomes prohibitively expensive to secure and optimize each
 >protocol" and that repeated attempts to do this over the Web have failed.  I
 >think you need to get considerably more concrete to convince people.

Forgive me if I'm way off base here, I only stumbled into this discussion
by accident, but I think I can offer up an example...

By using POST, with all the semantics in the posted message, I (acting
as the HTTP proxy product manager for Boeing), have a really difficult
time applying any security decisions to the transaction. Suppose some
site offers several services, and I wish to block access to a specific
subset of those services... If the requested service were part of the
URL, I could use existing filtering techniques to block access to said
services. Without that, I have to spend lots of money convincing a
proxy vendor to implement SOAP knowledgable filtering rulesets. (repeat
that exersize for every new web unfriendly protocol that gets tunneled
inside of HTTP and you can see how expensive a proposition that becomes).

I think thats an example of a concrete advantage to considering "web friendly"
architecture....

Cheers,
Joe Meadows

The Boeing Company
Received on Wednesday, 29 May 2002 18:27:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:25:00 GMT