- From: Mark Baker <distobj@acm.org>
- Date: Tue, 10 Jan 2006 17:20:31 -0800
- To: David Hull <dmh@tibco.com>
- Cc: xml-dist-app@w3.org
On 1/10/06, David Hull <dmh@tibco.com> wrote: > One small clarification. The sentence "The only problem appears to be that > the resulting SOAP 'request' and 'response' messages aren't correlated in > the usual manner." may seem to state that the usual rules of HTTP > request-response are not in effect, which was not my intent and is > definitely not what the rest of the piece is saying. It would probably have > been better to say something more like "The only problem appears to be that > the resulting SOAP request and response messages can also be interpreted as > part of a message flow completely distinct from the HTTP request-response > flow." Thanks for the clarification, David, I agree that the replacement text describes a less serious problem than the original text. It's still a problem though (as you note) from a transfer binding POV, and it does still impact HTTP intermediaries, in particular in this case, firewalls, which require knowing what's a request and what's a response to do their job properly. Consider that if SOAP requests could arrive as HTTP responses (PAOS anyone?), that this would be a serious security problem. Mark.
Received on Wednesday, 11 January 2006 01:20:35 UTC