- From: <paul.downey@bt.com>
- Date: Thu, 22 Jan 2004 07:29:04 -0000
- To: <distobj@acm.org>, <umit.yalcinalp@oracle.com>
- Cc: <www-ws-desc@w3.org>
Hi Mark! Mark Baker wrote: > That assumes that SOAPAction's value is an operation name, but that > isn't necessarily the case. It is for declaring "intent", which may > also be a *type* in some cases. My understanding is that SOAPAction was added for performance reasons - so that a simple proxy could dispatch messages without having to process/understand SOAP. We have been weary of such simplified dispatchers since it's very easy to trick them into delivering messages to the wrong endpoint, possibly subverting access control. This is where a clear method of dispatch reaps rewards: it's very easy for an intermediary to access control, route, and dispatch based on one thing - the SOAP body GED. Duplicating dispatch in SOAPAction only confuses matters IME. Paul
Received on Thursday, 22 January 2004 02:29:05 UTC