RE: SOAP port number

Eugene,

	Good point and thanks for the support.

	First of all, if we are encouraging alternate ports, we might as well offer
one well-known port (10) for that.

	Second, this issue requires many hats - I am looking at it from a security
point of view, from a network point of view, from a secure infrastructure
point of view (where I am today, presenting on Next generation Security
Substrate at the National level), from a collaboration enabler perspective,
from a secureLinux (as an example of OS level security) perspective, from
an eBusiness perspective, ...

	I will elaborate more after I return to homebase. I also need to research
more on Issue 11.

	Henrik, you are right. We need a good security section in the binding and
possibly HTTP binding as well.

cheers

 | -----Original Message-----
 | From: xml-dist-app-request@w3.org [mailto:xml-dist-app-request@w3.org] On Behalf Of Eugene Kuznetsov
 | Sent: Monday, January 07, 2002 10:07 AM
 | To: Mark Baker; Henrik Frystyk Nielsen
 | Cc: Krishna Sankar; xml-dist-app@w3.org
 | Subject: RE: SOAP port number
 |
 |
 | Discussion on this issue is always a catch-22: "SOAP over HTTP is good
 | because we can traverse firewalls over port 80" followed by "SOAP over HTTP
 | is bad because it causes security problems and puts further burden on
 | already-overloaded port 80".
 |
 | Naturally, anyone looking at the problem "from the bottom up" (e.g., from
 | the standpoint of network infrastructure, as opposed to applications), will
 | always see the need for lower-level network traffic classification
 | opportunities -- be it a SOAP-specific HTTP header marker or a SOAP-specific
 | TCP port.
 |
 | Which is I think where Krishna is coming from, please correct me if I'm
 | wrong. If so, I very much agree -- it's easier to pre-classify traffic for
 | routing or filtering at lower levels.
 |
 | > Which is great from my POV.  But I don't think that precludes us
 | > defining an alternate port in the default HTTP binding that folks can
 | > use in place of 80.
 |
 | Right, I'd just like to know which "alternate port" someone will be using if
 | they choose not to use port 80. I don't care if it is port 10, 90 or 512 --
 | but I think there is value in guiding users to a specific port.
 |
 |
 |
 | \\ Eugene Kuznetsov
 | \\ eugene@datapower.com
 | \\ DataPower Technology, Inc.
 |
 |
 |

Received on Monday, 7 January 2002 14:21:23 UTC