W3C home > Mailing lists > Public > xml-dist-app@w3.org > July 2001

Re: A tale of two bindings

From: Mark Baker <mbaker@markbaker.ca>
Date: Fri, 27 Jul 2001 09:42:04 -0400 (EDT)
Message-Id: <200107271342.JAA14416@markbaker.ca>
To: rsalz@zolera.com (Rich Salz)
Cc: mnot@mnot.net (Mark Nottingham), xml-dist-app@w3.org
> 
> > HTTP's application semantics are secure.
> 
> What do you mean by secure?

Without getting into the details, if I only allow GET invocations
to my site, and don't install any software that does "silly GET
tricks", I'm secure.

Unlike, say, arbitrary RPC interfaces.

> > They can't, so we need to give them a way to identify
> > (so it can be turned off) any SOAP tunneling.
> 
> No we don't.  We must first establish that this is a requirement, and we
> haven't done that yet.

If you ask me, the burden should be the other way around; until it
can be shown that hiding a tunneled protocol is a good idea, all
tunneled protocols should be exposed by the binding.

MB
Received on Friday, 27 July 2001 13:53:11 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:59:03 GMT