[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[DotGNU]Fwd: Re: Security in SOAP?
|
From: |
Kent Nguyen |
|
Subject: |
[DotGNU]Fwd: Re: Security in SOAP? |
|
Date: |
Tue, 17 Jul 2001 20:49:23 +0000 |
I just thought I pass this on. Looks like IBM already made up their mind.
Personally I feel otherwise. But I'm a small cookie to make any opinion when
you have two the biggest software company -- IBM and Microsoft -- in the
world standardizing on SOAP.
If you guys choose to use SOAP, I'll keep quiet and work by myself on General
XML Messaging Protocol (GXMP). Otherwise, I will make some periodical
announcements on my progress with GXMP.
--kent
---------- Forwarded Message ----------
Subject: Re: Security in SOAP?
Date: Tue, 17 Jul 2001 15:24:33 -0500
From: "Dave Ehnebuske" <address@hidden>
To: Kent Nguyen <address@hidden>
Kent,
We've pretty much settled for SOAP (and its W3C follow-on) in the space
where it fits. The reason is that it is simple enough that people's eyes
don't cross when they think about using it and yet is robust enough to do
some really interesting things with. And most importantly it is very
popular -- rapidly becoming baked into all sorts of interesting stuff.
Thanks for the offer, though.
David Ehnebuske
Distinguished Engineer
IBM Corporation, Application Integration and Middleware
Austin, TX
(512) 838-4998, internal 678-4998
Kent Nguyen <address@hidden> on 07/17/2001 11:20:41 AM
To: Dave Ehnebuske/Austin/address@hidden
cc:
Subject: Re: Security in SOAP?
Hi Dave,
Thanks for the email.
I've been working on something similiar to SOAP. This is simpler than what
SOAP is, and it's very lightweight. it doesn't have all the baggage SOAP
has.
Would IBM be interested in looking at it? Or IBM has set in stone SOAP is
the way to go for XML based web services?
--kent
On Monday 16 July 2001 12:24, you wrote:
> Kent,
>
> Security is not built into SOAP 1.1. But if you use SOAP 1.1 over a
secure
> transport such as https, you get the security of the transport.
>
> That said, the standardization work on SOAP that is going on at the W3C
is
> considering how to allow more and more flexible security in SOAP. For
> example, enabling selective use of encryption and digital signatures on
> (specific pieces of) the SOAP payload. But, that's for the future. For
now,
> SOAP only allows for transport-level security. Since you can do both
> authentication and encryption, you can still do a lot.
>
> Hope this helps!
>
> David Ehnebuske
> Distinguished Engineer
> IBM Corporation, Application Integration and Middleware
> Austin, TX
> (512) 838-4998, internal 678-4998
>
>
> Kent Nguyen <address@hidden> on 07/14/2001 01:44:49 PM
>
> To: Dave Ehnebuske/Austin/address@hidden
> cc: address@hidden
> Subject: Security in SOAP?
>
>
>
> Hi,
>
> Thank you for writing SOAP. I'm curious where's the security in SOAP is?
> Is
> it intentionally hidden?
>
> I read about IBM security extension to SOAP. Pretty good. But is it
> standardize?
>
> The reason I'm asking is I'm writing my own XML-RPC dialect for security.
> This is part of my distributed authentication system.
>
> thanks,
> --kent
-------------------------------------------------------
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [DotGNU]Fwd: Re: Security in SOAP?,
Kent Nguyen <=