W3C home > Mailing lists > Public > xml-dist-app@w3.org > May 2001

RE: SOAPAction thoughts from elsewhere

From: <Noah_Mendelsohn@lotus.com>
Date: Mon, 7 May 2001 16:57:38 -0400
To: "Henrik Frystyk Nielsen" <henrikn@microsoft.com>
Cc: marting@develop.com, mnot@mnot.net, xml-dist-app@w3.org
Message-ID: <OFFA89B9FC.6351A214-ON85256A45.0070D9AA@lotus.com>
Henrik Nielsen writes:

>> It is disappointing that people read into 
>> SOAPAction any security mechanism

I thought it was very clearly intended as, in part, a security hint, and 
in that sense a part of a security mechanism.  My understanding was that 
the intended operation would be that security filters would reject traffic 
with untrusted SOAPAction headers, but that final checking would be done 
by the actual downstream SOAP processor which has access to the more 
reliable (as opposed to hint) information within the envelope.  Are we 
saying the same thing?

------------------------------------------------------------------------
Noah Mendelsohn                                    Voice: 1-617-693-4036
Lotus Development Corp.                            Fax: 1-617-693-8676
One Rogers Street
Cambridge, MA 02142
------------------------------------------------------------------------
Received on Monday, 7 May 2001 17:02:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:59:01 GMT