- From: Henrik Frystyk Nielsen <henrikn@microsoft.com>
- Date: Mon, 7 May 2001 14:13:45 -0700
- To: <Noah_Mendelsohn@lotus.com>
- Cc: <marting@develop.com>, <mnot@mnot.net>, <xml-dist-app@w3.org>
Regarding the use as a hint, I think this is consistent with what you suggest. What I tried to address was that some remarks in the mails that Mark sent around read more into it than a hint and came to the conclusion that as it can't be trusted (because it is a hint just like content type etc) that it was not useful. Henrik >>> It is disappointing that people read into >>> SOAPAction any security mechanism > >I thought it was very clearly intended as, in part, a security hint, and >in that sense a part of a security mechanism. My understanding was that >the intended operation would be that security filters would reject traffic >with untrusted SOAPAction headers, but that final checking would be done >by the actual downstream SOAP processor which has access to the more >reliable (as opposed to hint) information within the envelope. Are we >saying the same thing?
Received on Monday, 7 May 2001 18:31:21 UTC