Re: [WhenToUseGet-7] GET access already supported by commercial toolkits from Paul Prescod on 2002-05-03 (www-tag@w3.org from May 2002)

From: Paul Prescod <paul@prescod.net>
Date: Thu, 02 May 2002 17:53:11 -0700
To: Tim Bray <tbray@textuality.com>
CC: www-tag@w3.org, "udell@monad.net" <udell@monad.net>, paulclinger@yahoo.com
Message-ID: <3CD1DF77.7A4A9236@prescod.net>

Tim Bray wrote:
> 
> http://radio.weblogs.com/0100887/2002/05/02.html
> 
> So it appears that the commercial developers out there have already
> noticed the benefits of pushing SOAP-accessible stuff into URI space.
> Someone at the W3C should write down a canonical "right way" to do this
> - not exactly rocket science - 

The right way to do this is expressed in the WSDL specification. What
Jon is describing is what you get for free from a complete
implementation of WSDL's HTTP GET/POST bindings. But there is in fact
resistence to deploying it because everyone "knows" that SOAP is the way
of the future and HTTP is history. So Microsoft has the leading
implementation but it implements perhaps one third of the binding
described in the WSDL specification. GLUE implements it on the server
side (not sure how complete their support is) but I believe not the
client side. Apache SOAP/AXIS has no support at all (I checked the
code). Last I checked, SOAP::Lite did not have support for it either.

People often think that when they generate one of these HTTP/WSDL
bindings they are "using SOAP" but there is no SOAP involved. As far as
I know, the HTTP/WSDL bindings can do near anything WSDL/SOAP can do and
in fact some things it cannot. (if I find things that the SOAP/WSDL
bindings do that HTTP/WSDL doesn't I'll try and fix it)

The limitations of this approach are documented here:

 * http://www.prescod.net/rest/wsdlhttp.html

> ... and I can't imagine there'd be any
> resistance to deploying it, since they've already done the work. -Tim

Implementing SOAP and WSDL is a *lot* of work and people are not in a
hurry to take on any extra work at all. There is a sense out there that
SOAP is the future and HTTP is the past so why waste the effort.

Also, at one point I saw a security bulletin along the lines of:
"Microsoft considers providing this feature a security risk. We
recommend developers turn it off." I can't find it now so maybe they
retracted it or didn't publicize it much.

 Paul Prescod

Received on Thursday, 2 May 2002 20:53:39 UTC