W3C home > Mailing lists > Public > xml-dist-app@w3.org > January 2006

Re: Action Item - Part I: WSRX and MEP signaling on the wire (clarification)

From: David Hull <dmh@tibco.com>
Date: Wed, 11 Jan 2006 14:02:01 -0500
To: Mark Baker <distobj@acm.org>
Cc: xml-dist-app@w3.org
Message-id: <43C55629.405@tibco.com>
Mark Baker wrote:

>On 1/10/06, David Hull <dmh@tibco.com> wrote:
>  
>
>> One small clarification.  The sentence "The only problem appears to be that
>>the resulting SOAP 'request' and 'response' messages aren't correlated in
>>the usual manner." may seem to state that the usual rules of HTTP
>>request-response are not in effect, which was not my intent and is
>>definitely not what the rest of the piece is saying.  It would probably have
>>been better to say something more like "The only problem appears to be that
>>the resulting SOAP request and response messages can also be interpreted as
>>part of a message flow completely distinct from the HTTP request-response
>>flow."
>>    
>>
>
>Thanks for the clarification, David, I agree that the replacement text
>describes a less serious problem than the original text.  It's still a
>problem though (as you note) from a transfer binding POV, 
>
I believe I said, "This problem, if it is a problem at all, is of no
concern to anything that just looks at HTTP."

>and it does
>still impact HTTP intermediaries, in particular in this case,
>firewalls, which require knowing what's a request and what's a
>response to do their job properly.  Consider that if SOAP requests
>could arrive as HTTP responses (PAOS anyone?), that this would be a
>serious security problem.
>  
>
At the risk of sounding repetitious, what do you see as the security (or
other) problem?

>Mark.
>
>  
>
Received on Wednesday, 11 January 2006 19:02:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:59:21 GMT