- From: Mark Baker <mbaker@markbaker.ca>
- Date: Fri, 27 Jul 2001 09:42:04 -0400 (EDT)
- To: rsalz@zolera.com (Rich Salz)
- Cc: mnot@mnot.net (Mark Nottingham), xml-dist-app@w3.org
> > > HTTP's application semantics are secure. > > What do you mean by secure? Without getting into the details, if I only allow GET invocations to my site, and don't install any software that does "silly GET tricks", I'm secure. Unlike, say, arbitrary RPC interfaces. > > They can't, so we need to give them a way to identify > > (so it can be turned off) any SOAP tunneling. > > No we don't. We must first establish that this is a requirement, and we > haven't done that yet. If you ask me, the burden should be the other way around; until it can be shown that hiding a tunneled protocol is a good idea, all tunneled protocols should be exposed by the binding. MB
Received on Friday, 27 July 2001 13:53:11 UTC