W3C home > Mailing lists > Public > xml-dist-app@w3.org > July 2001

Re: Protocol Bindings

From: Mark Nottingham <mnot@mnot.net>
Date: Sun, 8 Jul 2001 15:33:33 -0700
To: "Eamon O'Tuathail" <eamon.otuathail@clipcode.com>
Cc: Henrik Frystyk Nielsen <henrikn@microsoft.com>, xml-dist-app@w3.org, "Marshall T. Rose" <mrose+mtr.netnews@dbc.mtview.ca.us>
Message-ID: <20010708153329.A6787@mnot.net>

How can you be certain that every underlying application protocol's
authentication scheme addresses all of the use cases for SOAP?

Developers should certainly *consider* using the underlying
application protocol's provided authentication mechanisms, when
available, but there will be occaisions - potentially a number -
where it is inadequate (or unavailable).

On Sun, Jul 08, 2001 at 11:16:29PM +0100, Eamon O'Tuathail wrote:
> Henrik,
> > Are you saying that in the case of TCP as the underlying protocol that
> >it is impossible to provide an SOAP/XML based hop-by-hop authentication
> >mechanism?
> What I am saying is that such authentication is a necessary piece of
> functionality and something (what is sensible can be debated ) must provide
> it. I would class the provision of this functionality as one of the jobs of
> an application protocol.
> If the underlying application protocol establishes hop-by-hop authentication
> once, then it does not make sense to be using the SOAP actor model to be
> repeating this work again and again. The SOAP actor model does come in
> useful e.g. when we have to perform tasks at the boundary between distinct
> application protocols or where there is SOAP processing to be done at an
> intermediary - e.g. it could also be useful to provide higher-level
> SOAP-specific services such as SOAP-based transactioning.
> SOAP should be using, not duplicating, the rich services available to it
> from the underlying application protocol.
> Eamon

Mark Nottingham
Received on Sunday, 8 July 2001 18:33:37 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 22:01:14 UTC