A question for our leaders (was RE: AR023.7.1 (was Re: Dead trou t

A question for our leaders ...

To what extent is the requirement to develop a Web Services Architecture
that supports the needs of business/ecommerce a formal objective of this
activity?

I know that using Web Services for "business" is the main focus that I
personally have. I also recognize that there are other foci, such as
treating the web as a massive information resource, which are equally
important and valid.

If we know the target audience for our work, it might make it easier to
resolve some of the issues we face as we would have some criteria against
which to make a logical decision.

Regards

David

-----Original Message-----
From: Cutler, Roger (RogerCutler) [mailto:RogerCutler@chevrontexaco.com]
Sent: Wednesday, February 19, 2003 7:39 PM
To: Burdett, David; Mark Baker
Cc: www-ws-arch@w3.org
Subject: RE: Representing Actions (was RE: AR023.7.1 (was Re: Dead trout


This is fascinating.

I have recently tried to bring to the TAG's attention -- and have been
completely ignored -- that in our turn the security people in our
company have been completely ignoring the TAG, or at least the sense of
what the TAG has been saying.  Our security people deprecate GET, across
the board, because of exactly the issue that you raise.  I have tried to
argue that a blanket deprecation of GET as a company policy is not
rational -- so far to no avail -- nobody seems to listen to me.  I have
tried to tell the TAG that people in business, at least in my sight, are
not paying attention to  their preference for GET in a variety of
circumstances -- ao far to no avail.

The disconnect here, which I have tried to raise as an issue, is
becoming painful.  To me, at least.

-----Original Message-----
From: Burdett, David [mailto:david.burdett@commerceone.com] 
Sent: Wednesday, February 19, 2003 5:07 PM
To: 'Mark Baker'
Cc: www-ws-arch@w3.org
Subject: RE: Representing Actions (was RE: AR023.7.1 (was Re: Dead trout

[snip] ...

 ...

VARIANT 6 - SOAP Header

POST http://ecommerce.example.com
...
<SOAP:Envelope>
  <SOAP:Header role="messagehandler">
   <x.Actor>processorder</x.actor>
  </SOAP:Header>
  ...
</SOAP:Envelope>

[Snip] ...

MY PERSONAL PREFERENCES

My personal preference is for variant 6 (sorry Mark it's not URI's!) and
here's why ...

All the options that involve putting information in the URI (Variants 1
through 4) mean that the data is visible to anyone who sees the
information go over the net. While this might not often be a worry
sometimes it is. The simple fact, for example, that Microsoft was
placing an order with Sun (or vice versa), could be the basis of some
very interesting articles ... not that I am suggesting that either would
do such a thing ;)

On the other hand, if the data is recorded in the body of the message
somewhere then it can be encrypted which helps ensure privacy.

Received on Thursday, 20 February 2003 14:02:13 UTC