- From: Mark Baker <mbaker@markbaker.ca>
- Date: Fri, 27 Jul 2001 15:06:26 -0400 (EDT)
- To: rsalz@zolera.com (Rich Salz)
- Cc: xml-dist-app@w3.org
> > Without getting into the details, if I only allow GET invocations > > to my site, and don't install any software that does "silly GET > > tricks", I'm secure. > > Then how is this different from not doing any silly SOAP tricks? Silly GET tricks are well-defined; anything with a side effect. Silly SOAP tricks aren't. > > If you ask me, the burden should be the other way around > > I thought the group had already spent a great deal of time listing the > requirements, and "make it obvious to firewalls, etc." isn't on that > list. Yup, but have you seen this one? R612 The XMLP specification must provide a normative description of the default binding of XMLP to HTTP. This binding, while normative, is not to be exclusive. The binding provided by the Working Group will respect the semantics of HTTP and will demonstrate that it can co-exist with existing HTTP/1.0 and HTTP/1.1 implementations. Which appears to exclude the possibility of the WG defining a normative binding used for tunneling, as tunneling does not respect HTTP semantics. MB
Received on Friday, 27 July 2001 19:17:25 UTC