W3C home > Mailing lists > Public > xml-dist-app@w3.org > June 2000

RE: SOAP header for authentication etc

From: Mike Dierken <mike@DataChannel.com>
Date: Wed, 7 Jun 2000 08:27:08 -0700
Message-ID: <25D0DF2980A7D311AB1C00508B91BD2AA3F6ED@BELMAIL1>
To: xml-dist-app@w3.org

> Any takers for getting together a list of features that people would like?
> > 
> > Are there any standard or convetion for specifying 
> > authentication etc within <SOAP-ENV:Header>?
> 

Is 'authentication information' meant to be used in the context of 'perform
this operation on the behalf of user-x'? or is it 'perform this operation &
here is a magic key'? or something different?

Since SOAP can be carried over multiple transports, and those transports
have mechanisms for user identification, should there be a concept of
'inheriting' user identification information from the transport? The
underlying transport might not have very secure user-id, but when they do it
may be nice to use them. Would this be the job of a SOAP dispatcher, to
extract transport info, transform to a unified format & load into the
header? Can a SOAP dispatcher touch the message or will it ruin
digest/checksums/etc.?

Also, should this discussion be made on the SOAP forum?
(SOAP@DISCUSS.DEVELOP.COM)

Mike
Received on Wednesday, 7 June 2000 11:34:15 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:58:56 GMT