- From: Mark Nottingham <mnot@mnot.net>
- Date: Sun, 8 Jul 2001 15:33:33 -0700
- To: "Eamon O'Tuathail" <eamon.otuathail@clipcode.com>
- Cc: Henrik Frystyk Nielsen <henrikn@microsoft.com>, xml-dist-app@w3.org, "Marshall T. Rose" <mrose+mtr.netnews@dbc.mtview.ca.us>
How can you be certain that every underlying application protocol's authentication scheme addresses all of the use cases for SOAP? Developers should certainly *consider* using the underlying application protocol's provided authentication mechanisms, when available, but there will be occaisions - potentially a number - where it is inadequate (or unavailable). On Sun, Jul 08, 2001 at 11:16:29PM +0100, Eamon O'Tuathail wrote: > Henrik, > > > Are you saying that in the case of TCP as the underlying protocol that > >it is impossible to provide an SOAP/XML based hop-by-hop authentication > >mechanism? > > What I am saying is that such authentication is a necessary piece of > functionality and something (what is sensible can be debated ) must provide > it. I would class the provision of this functionality as one of the jobs of > an application protocol. > > If the underlying application protocol establishes hop-by-hop authentication > once, then it does not make sense to be using the SOAP actor model to be > repeating this work again and again. The SOAP actor model does come in > useful e.g. when we have to perform tasks at the boundary between distinct > application protocols or where there is SOAP processing to be done at an > intermediary - e.g. it could also be useful to provide higher-level > SOAP-specific services such as SOAP-based transactioning. > > SOAP should be using, not duplicating, the rich services available to it > from the underlying application protocol. > > Eamon > -- Mark Nottingham http://www.mnot.net/
Received on Sunday, 8 July 2001 18:33:37 UTC