W3C home > Mailing lists > Public > xml-dist-app@w3.org > January 2002

Re: SOAP port number

From: Mark Nottingham <mnot@mnot.net>
Date: Mon, 7 Jan 2002 12:48:40 -0800
To: Mark Baker <distobj@acm.org>
Cc: Henrik Frystyk Nielsen <henrikn@microsoft.com>, Krishna Sankar <ksankar@cisco.com>, xml-dist-app@w3.org
Message-ID: <20020107124840.B13555@mnot.net>

IIRC this was discussed at the F2F as well. 

Defining a new port gets us into the morass of defining what an HTTP
application is, what the semantics of a port are, etc.

I would strongly urge the group not to pursue this; although it seems
like a good/friendly thing to do, it encourages people to trust (or
not trust) traffic by port, which is unrealistic and dangerous.

On Mon, Jan 07, 2002 at 12:43:02PM -0500, Mark Baker wrote:
> > IIRC, we decided [3] to keep the port and have a security section in the
> > HTTP binding section warning about the dangers of using SOAP over HTTP
> > in general and in particular about the port issue.
> It looks like at that f2f, Mark's "Proposal One" was adopted;
>    Dedicate a sizeable portion of text warning of the dangers of using
>    the default port, and encouraging the use of an alternate port when
>    possible.
> Which is great from my POV.  But I don't think that precludes us
> defining an alternate port in the default HTTP binding that folks can
> use in place of 80.  But I don't have strong feelings one way or the
> other.  It would only be for convenience.
> MB
> -- 
> Mark Baker, Chief Science Officer, Planetfred, Inc.
> Ottawa, Ontario, CANADA.      mbaker@planetfred.com
> http://www.markbaker.ca   http://www.planetfred.com

Mark Nottingham
Received on Monday, 7 January 2002 15:48:43 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:11:45 UTC