Re: Web RPCs Considered Harmful

Henrik Frystyk Nielsen wrote:

> SOAP doesn't define *a* security policy because we expect that there is
> need for multiple policies and even capability for negotiating which one
> to use depending on the context (commerce, medical etc.) but that is not
> for the base SOAP to do.

You mentions that SOAP defines "security policy" but what is SOAPs relation
the much larger concept of Security Architecture which have  far reaching
consequences regarding RPC/Messaging in general ?

(I have not dug into the details of SOAP, so this is a question,not

/  Financial Toolsmiths AB            /
/  Anders W. Tell                     /
/ WWW:  <>    /
/ XIOP: <> /

Received on Saturday, 13 May 2000 15:57:17 UTC