W3C home > Mailing lists > Public > www-ws-desc@w3.org > February 2004

Re: Asynch request/response HTTP binding needed

From: Prasad Yendluri <pyendluri@webmethods.com>
Date: Thu, 05 Feb 2004 07:43:12 -0800
Message-ID: <40226490.90806@webmethods.com>
To: www-ws-desc@w3.org
Paul,

I was not suggesting we ignore this pattern. I am asking how we plan to 
address
this potential huge -ve side affect (e.g. does WS-Addressing account for 
this?).
Designing patterns like this w/o really accounting for this risk is not 
desirable IMO.

Regarding mailing lists, need I say SPAM :)? Imagine SPAM at HTTP level !

Regards, Prasad

-------- Original Message --------
Subject: 	RE: Asynch request/response HTTP binding needed
Date: 	Thu, 5 Feb 2004 09:42:14 -0000
From: 	<paul.downey@bt.com>
To: 	<pyendluri@webmethods.com>, <www-ws-desc@w3.org>


Prasad
 
Whilst I agree that guarding against Dos is a design consideration, 
it's not a reason to ignore this useful pattern.
 
it's common practice in async scenarios for the responder to have 
authenticated the requestor and to only send the response to one 
or more of a set of know endpoints. This is analogous to how mailing lists work.  
 
Paul

	-----Original Message----- 
	From: www-ws-desc-request@w3.org on behalf of Prasad Yendluri 
	Sent: Wed 04/02/2004 20:43 
	To: 'Web Services Description' 
	Cc: 
	Subject: Re: Asynch request/response HTTP binding needed
	
	
	I am always get concerned about the designs that involve a requestor asking the response be sent somewhere else other than the place it originated from, as in
	
	>1. node A makes an HTTP POST to node B with a SOAP Request and
	>    information on where to POST the HTTP response to
	This is prone to misdirecting traffic at a node other than the intended one either unintentionally (in error) or maliciously and could easily play into DoS (Denial of Service) type scenarios.  
	
	Not sure if WS-Addressing accounts for this aspect..
	
	Prasad
	
	-------- Original Message -------- 
Subject: 	RE: Asynch request/response HTTP binding needed	
Resent-Date: 	Sat, 31 Jan 2004 01:44:02 -0500 (EST)	
Resent-From: 	www-ws-desc@w3.org	
Date: 	Fri, 30 Jan 2004 22:43:56 -0800	
From: 	David Orchard <dorchard@bea.com> <mailto:dorchard@bea.com> 	
To: 	'Sanjiva Weerawarana' <sanjiva@watson.ibm.com> <mailto:sanjiva@watson.ibm.com> , 'Martin Gudgin' <mgudgin@microsoft.com> <mailto:mgudgin@microsoft.com> , 'Philippe Le Hegaret' <plh@w3.org> <mailto:plh@w3.org> 	
CC: 	'Web Services Description' <www-ws-desc@w3.org> <mailto:www-ws-desc@w3.org> 	

	yup.  I agree.  The issue about the callback address is related but can be
	orthogonal to the binding.
	
	Dave
	
	> -----Original Message-----
	> From: Sanjiva Weerawarana [mailto:sanjiva@watson.ibm.com]
	> Sent: Friday, January 30, 2004 4:46 PM
	> To: Martin Gudgin; Philippe Le Hegaret; David Orchard
	> Cc: Web Services Description
	> Subject: Re: Asynch request/response HTTP binding needed
	>
	>
	> "Martin Gudgin" <mgudgin@microsoft.com> <mailto:mgudgin@microsoft.com>  writes:
	> > PAOS is slightly different. It has two MEPs, the one I think you are
	> > thinking of works as follows:
	> >
	> > Given nodes A and B:
	> >
	> > 1. node A makes an HTTP GET to node B.
	> > 2. Node B sends a SOAP Request as the HTTP response.
	> > 3. Node A responds with a SOAP response in an HTTP POST to Node B.
	> > 4. Node B responds with some HTTP response ( typically a web page )
	> >
	> > Gudge
	>
	> I understood what DaveO wanted as:
	>
	> 1. node A makes an HTTP POST to node B with a SOAP Request and
	>    information on where to POST the HTTP response to
	> 2. node B responds with something like 201 OK
	> 3. later on, node B makes an HTTP POST to node A with a SOAP Response
	> 4. node A responds with something like 201 OK
	>
	> DaveO??
	>
	> I like this a lot but unfortunately one needs WS-Addressing
	> or something
	> similar to send the "information on where to POST the HTTP
	> response to".
	>
	> Sanjiva.
	>
Received on Thursday, 5 February 2004 10:43:30 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 5 February 2014 07:15:02 UTC