On 1/10/06, David Hull <dmh@tibco.com> wrote: > One small clarification. The sentence "The only problem appears to be that > the resulting SOAP 'request' and 'response' messages aren't correlated in > the usual manner." may seem to state that the usual rules of HTTP > request-response are not in effect, which was not my intent and is > definitely not what the rest of the piece is saying. It would probably have > been better to say something more like "The only problem appears to be that > the resulting SOAP request and response messages can also be interpreted as > part of a message flow completely distinct from the HTTP request-response > flow." Thanks for the clarification, David, I agree that the replacement text describes a less serious problem than the original text. It's still a problem though (as you note) from a transfer binding POV, and it does still impact HTTP intermediaries, in particular in this case, firewalls, which require knowing what's a request and what's a response to do their job properly. Consider that if SOAP requests could arrive as HTTP responses (PAOS anyone?), that this would be a serious security problem. Mark.Received on Wednesday, 11 January 2006 01:20:35 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:59:21 GMT