httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@kiwi.ICS.UCI.EDU>
Subject Re: Simple Object Access Protocol
Date Tue, 02 Nov 1999 22:00:23 GMT
The reason not to is that SOAP makes use of a security hole in most
firewalls (the ones that only check port numbers) in order to transfer
non-Web information across port 80 in spite of a site's security restrictions.
Other than that, it is just an incredibly stupid way to perform RPC.
As soon as the firewall makers get off their butts and fix the holes,
SOAP will be completely useless.

There is no SOAP working group -- it is just an MS draft.  As far as
impleentation is concerned, just create a mod_soap with features similar
to mod_cgi (all SOAP does is change the encoding format of a
request body to an XML variant of DCOM).


In message <007f01bf2573$74396b10$>,
Bill Stoddard writes:
>Is anyone on the list familier with SOAP?
>SOAP is an HTTP/XML based RPC mechanism being pushed by MS, I think, as a
>replacement for DCOM. Does anyone see any inherent difficulties with
>accomodating SOAP in Apache? From reading the IETF draft, it appears we
>would need to support the M-Post method and recognise some additional
>headers. Doesn't sound to onorous.  Beyond that, seems the capability to
>build and transport SOAP objects would rely on a good XML parser and a
>scripting engine (PHP, mod_perl, Jakarta, etc). What's SOAPs status in the
>IETF?  The upcoming IETF in DC doesn't mention it or an HTTP WG meeting

View raw message