W3C home > Mailing lists > Public > www-ws@w3.org > March 2002

RE: Security Issues in Web-Services

From: Joseph Hui <jhui@digisle.net>
Date: Fri, 8 Mar 2002 10:59:20 -0800
Message-ID: <C153D39717E5F444B81E7B85018A460B081B2735@ex-sj-5.digisle.com>
To: "Naresh Agarwal" <nagarwal@in.firstrain.com>, <www-ws@w3.org>
> -----Original Message-----
> From: Naresh Agarwal [mailto:nagarwal@in.firstrain.com]
[snip]

> 4)  Most SOAP implementation use HTTP as transport protocol and hence
> can not use TLS. 

This is not true.  You can have an implementation where SOAP messages
are the payload of TLS, which already assumes a reliable transport,
e.g. TCP.  Thus HTTP doesn't even have come into the picture.
That is, TLS can be used to securely transport SOAP messages
with or without HTTP!

> Is there any soap implementation, which supports HTTPS?

HTTPS is the scheme for HTTP over SSL/TLS.  So any implementation
that fits SOAP messages into HTTP message bodies and then fits the
HTTP messages into SSL/TLS payloads will do.  I'll leave it to
others to identify the products by name.

Joe Hui
Exodus, a Cable & Wireless service
Received on Friday, 8 March 2002 13:59:42 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:25:40 GMT