
RE: A question for our leaders (was RE: AR023.7.1 (was Re: Dead trou t

From: Cutler, Roger (RogerCutler) <RogerCutler@chevrontexaco.com>
Date: Thu, 20 Feb 2003 16:35:16 -0600
Message-ID: <7FCB5A9F010AAE419A79A54B44F3718E01624A8D@bocnte2k3.boc.chevrontexaco.net>
To: "Burdett, David" <david.burdett@commerceone.com>, "Dave Hollander (E-mail)" <dmh@contivo.com>, "Mike Champion (E-mail)" <mike.champion@softwareag-usa.com>
cc: www-ws-arch@w3.org, "Mark Baker" <distobj@acm.org>

Ditto.

Incidentally, I have now received a very thoughtful and useful response
from the TAG, so I have not been ignored.  Sorry.

-----Original Message-----
From: Burdett, David [mailto:david.burdett@commerceone.com] 
Sent: Thursday, February 20, 2003 1:02 PM
To: Dave Hollander (E-mail); Mike Champion (E-mail)
Cc: www-ws-arch@w3.org; Cutler, Roger (RogerCutler); Mark Baker
Subject: A question for our leaders (was RE: AR023.7.1 (was Re: Dead
trou t


A question for our leaders ...

To what extent is the requirement to develop a Web Services Architecture
that supports the needs of business/ecommerce a formal objective of this
activity?

I know that using Web Services for "business" is the main focus that I
personally have. I also recognize that there are other foci, such as
treating the web as a massive information resource, which are equally
important and valid.

If we know the target audience for our work, it might make it easier to
resolve some of the issues we face as we would have some criteria
against which to make a logical decision.

Regards

David

-----Original Message-----
From: Cutler, Roger (RogerCutler) [mailto:RogerCutler@chevrontexaco.com]
Sent: Wednesday, February 19, 2003 7:39 PM
To: Burdett, David; Mark Baker
Cc: www-ws-arch@w3.org
Subject: RE: Representing Actions (was RE: AR023.7.1 (was Re: Dead trout


This is fascinating.

I have recently tried to bring to the TAG's attention -- and have been
completely ignored -- that in our turn the security people in our
company have been completely ignoring the TAG, or at least the sense of
what the TAG has been saying.  Our security people deprecate GET, across
the board, because of exactly the issue that you raise.  I have tried to
argue that a blanket deprecation of GET as a company policy is not
rational -- so far to no avail -- nobody seems to listen to me.  I have
tried to tell the TAG that people in business, at least in my sight, are
not paying attention to their preference for GET in a variety of
circumstances -- so far to no avail.

The disconnect here, which I have tried to raise as an issue, is
becoming painful.  To me, at least.

-----Original Message-----
From: Burdett, David [mailto:david.burdett@commerceone.com] 
Sent: Wednesday, February 19, 2003 5:07 PM
To: 'Mark Baker'
Cc: www-ws-arch@w3.org
Subject: RE: Representing Actions (was RE: AR023.7.1 (was Re: Dead trout

[snip] ...

 ...

VARIANT 6 - SOAP Header

POST http://ecommerce.example.com
...
<SOAP:Envelope>
  <SOAP:Header role="messagehandler">
   <x.Actor>processorder</x.Actor>
  </SOAP:Header>
  ...
</SOAP:Envelope>

[Snip] ...

MY PERSONAL PREFERENCES

My personal preference is for variant 6 (sorry Mark, it's not URIs!) and
here's why ...

All the options that involve putting information in the URI (Variants 1
through 4) mean that the data is visible to anyone who sees the
information go over the net. While this might not often be a worry,
sometimes it is. The simple fact, for example, that Microsoft was
placing an order with Sun (or vice versa), could be the basis of some
very interesting articles ... not that I am suggesting that either would
do such a thing ;)

On the other hand, if the data is recorded in the body of the message
somewhere then it can be encrypted which helps ensure privacy.
Received on Thursday, 20 February 2003 17:35:59 GMT
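
Added example, not part of any message in this thread: it compares where the action name ends up for a URI-carried action and for Variant 6, using what a request-line access log would record as the measure of exposure. The URI-style request is constructed (the thread snips Variants 1 through 4), and the paths, query parameter name and log format are assumptions.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample: action carried in the request URI.
URI_STYLE = (
    "POST /orders?action=processorder HTTP/1.1\r\n"
    "Host: ecommerce.example.com\r\n"
    "Content-Type: text/xml\r\n\r\n"
    "<SOAP:Envelope>...</SOAP:Envelope>"
)
# Variant 6 from the thread: action carried in a SOAP header block.
HEADER_STYLE = (
    "POST / HTTP/1.1\r\n"
    "Host: ecommerce.example.com\r\n"
    "Content-Type: text/xml\r\n\r\n"
    '<SOAP:Envelope><SOAP:Header role="messagehandler">'
    "<x.Actor>processorder</x.Actor></SOAP:Header></SOAP:Envelope>"
)

def split_request(raw):
    """Return (method, target, headers, body) for a raw HTTP/1.1 request."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = dict(line.split(": ", 1) for line in lines[1:])
    return method, target, headers, body

def access_log_line(raw):
    """Assumed log format: host, method and request target; the body is never logged."""
    method, target, headers, _body = split_request(raw)
    return f'{headers.get("Host", "-")} "{method} {target}"'

def where_visible(raw, term):
    """Report whether the term sits in the request URI, the body, or both."""
    _method, target, _headers, body = split_request(raw)
    parts = urlsplit(target)
    # parse_qsl percent-decodes values, so an encoded action is still found.
    uri_text = " ".join([unquote(parts.path)] + [v for _k, v in parse_qsl(parts.query)])
    found = []
    if term in uri_text:
        found.append("uri")
    if term in body:
        found.append("body")
    return found

if __name__ == "__main__":
    for name, raw in (("URI style", URI_STYLE), ("Variant 6", HEADER_STYLE)):
        print(name, where_visible(raw, "processorder"), access_log_line(raw))
```
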
