Re: SOAP port number

IIRC this was discussed at the F2F as well. 

Defining a new port gets us into the morass of defining what an HTTP
application is, what the semantics of a port are, etc.

I would strongly urge the group not to pursue this; although it seems
like a good/friendly thing to do, it encourages people to trust (or
not trust) traffic by port, which is unrealistic and dangerous.



On Mon, Jan 07, 2002 at 12:43:02PM -0500, Mark Baker wrote:
> > IIRC, we decided [3] to keep the port and have a security section in the
> > HTTP binding section warning about the dangers of using SOAP over HTTP
> > in general and in particular about the port issue.
> 
> It looks like at that f2f, Mark's "Proposal One" was adopted;
> 
>    Dedicate a sizeable portion of text warning of the dangers of using
>    the default port, and encouraging the use of an alternate port when
>    possible.
> 
> Which is great from my POV.  But I don't think that precludes us
> defining an alternate port in the default HTTP binding that folks can
> use in place of 80.  But I don't have strong feelings one way or the
> other.  It would only be for convenience.
> 
> MB
> -- 
> Mark Baker, Chief Science Officer, Planetfred, Inc.
> Ottawa, Ontario, CANADA.      mbaker@planetfred.com
> http://www.markbaker.ca   http://www.planetfred.com
> 

-- 
Mark Nottingham
http://www.mnot.net/
 

Received on Monday, 7 January 2002 15:48:43 UTC