p.s. One thing that really concerns me about the SOAP approach is what I
call firewall escalation - the chief justification for using HTTP as a
substrate for SOAP is to allow it to operate through existing firewalls,
but one of the consequences of SOAP is likely to be that firewalls become
more complex (and more error-prone) due to a need to dig deeper into the
HTTP payload. This degrade service for all uses of HTTP.
Note, as well, that any assumption that you can get
through a firewall by inspecting content implies that
the firewall can read that content - in a very real
sense the use of stateful inspection firewalling works
against securing applications.
Melinda