- From: Henrik Frystyk Nielsen <henrikn@microsoft.com>
- Date: Sun, 8 Jul 2001 13:59:09 -0700
- To: <eamon.otuathail@clipcode.com>
- Cc: <xml-dist-app@w3.org>, "Marshall T. Rose" <mrose+mtr.netnews@dbc.mtview.ca.us>, "Mark Nottingham" <mnot@mnot.net>
>It is just plain wrong to think we can put a SOAP envelope >encoded in some format directly on the transport layer - >additional services (what I am calling an application >protocol) are needed in the middle. One example is >authentication of the hops in a multihop connection - not >doing this leaves us wide open e.g. to denial of service attacks. Are you saying that in the case of TCP as the underlying protocol that it is impossible to provide an SOAP/XML based hop-by-hop authentication mechanism? This is exactly what the SOAP actor model can be used for. I think you are missing an important part of what SOAP is and what its relationship is to underlying protocols. SOAP is not merely a content type; it is--as has been mentioned--an application layer protocol, although a very lightweight one. SOAP can be bound to various underlying protocols including some other application layer protocols in order to extend those applications. However, there is no functionality that these applications provide that is inherently required by SOAP. >> > (C) a SOAP-specific application protocol above TCP. >C: left to the designer of the application using SOAP and SOAP-RP > >I don't understand this. > >I understand an 'application' as what executes inside a >process on a computing device. I understand 'application >protocol' as a set of rules of how two or more distributed >applications talk over a network. I might write an app using >.NET/C# and wish to talk to a remote app written with Java - >for this, it is the application protocol, not the application, >that lays down the rules. Most application layer protocols actually define an application in the sense that they define a set of actions and maybe responses to those actions. If these protocols are strictly wire protocols then the applications can be implemented in any way you wish. SOAP does the same thing, it just so happens that the core SOAP application is very simple. What I mean by the statement above is that one can use SOAP in many contexts and for many different purposes or "SOAP applications". These are in fact SOAP applications and not applications that SOAP in some manner is layered over. Henrik
Received on Sunday, 8 July 2001 17:06:18 UTC