RE: Action item 2003-11-03 OperationName feature

Hi Mark!

Mark Baker wrote:
> That assumes that SOAPAction's value is an operation name, but that
> isn't necessarily the case.  It is for declaring "intent", which may
> also be a *type* in some cases.

My understanding is that SOAPAction was added for performance reasons
- so that a simple proxy could dispatch messages without having to 
process/understand SOAP. We have been wary of such simplified
dispatchers since it's very easy to trick them into delivering messages
to the wrong endpoint, possibly subverting access control. 

This is where a clear method of dispatch reaps rewards: it's very easy 
for an intermediary to access control, route, and dispatch based on one
thing - the SOAP body GED. Duplicating dispatch in SOAPAction only 
confuses matters IME.


Received on Thursday, 22 January 2004 02:29:05 UTC
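
The dispatch rule argued for in the message above, as an added example that is not part of the original e-mail: access control and routing are decided from the SOAP body's first child element (its GED) alone, and a SOAPAction value that disagrees with it causes rejection. The SOAP 1.2 envelope namespace, the `urn:example:bank` operations, the role names and both lookup tables are assumptions made up for illustration.

```python
import xml.etree.ElementTree as ET

SOAP_ENV = "http://www.w3.org/2003/05/soap-envelope"  # assumed: SOAP 1.2 envelope

# Hypothetical policy: body GED (Clark-notation QName) -> (endpoint, allowed roles)
ROUTES = {
    "{urn:example:bank}GetBalance": ("balance-service", {"customer", "teller"}),
    "{urn:example:bank}TransferFunds": ("transfer-service", {"teller"}),
}
# Hypothetical table: SOAPAction value -> the GED it is expected to accompany
ACTION_TO_GED = {
    "urn:example:bank/GetBalance": "{urn:example:bank}GetBalance",
    "urn:example:bank/TransferFunds": "{urn:example:bank}TransferFunds",
}

def body_ged(envelope_xml):
    """Return the QName of the first child element of the SOAP Body."""
    if "<!DOCTYPE" in envelope_xml:
        raise ValueError("DTDs are not allowed in SOAP messages")
    root = ET.fromstring(envelope_xml)
    if root.tag != f"{{{SOAP_ENV}}}Envelope":
        raise ValueError("not a SOAP 1.2 envelope")
    body = root.find(f"{{{SOAP_ENV}}}Body")
    if body is None or len(body) == 0:
        raise ValueError("missing or empty Body")
    return body[0].tag

def dispatch(soap_action, envelope_xml, role):
    """Authorize and route on the body GED; SOAPAction is only cross-checked."""
    ged = body_ged(envelope_xml)
    if ged not in ROUTES:
        return ("reject", "unknown body element")
    endpoint, allowed = ROUTES[ged]
    # A header that names a different operation than the body is never trusted.
    if soap_action and ACTION_TO_GED.get(soap_action) != ged:
        return ("reject", "SOAPAction does not match body element")
    if role not in allowed:
        return ("reject", "role not permitted")
    return ("deliver", endpoint)

def envelope(op):
    """Build a constructed sample message whose body GED is `op`."""
    return (f'<env:Envelope xmlns:env="{SOAP_ENV}"><env:Body>'
            f'<b:{op} xmlns:b="urn:example:bank"/></env:Body></env:Envelope>')
```

A dispatcher that looked only at the header would treat the second case in the test data (a `GetBalance` action wrapped around a `TransferFunds` body) as a balance query; here the body decides and the mismatch is refused.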