ietf
[Top] [All Lists]

RE: SOAP/XML Protocol and filtering, etc.

2001-05-07 18:10:02
Only if the application (e.g., protocol) is signed and cross-certified by a
trusted CA could I see this occurring.

/jsb

 -----Original Message-----
From:   Bora Akyol [mailto:akyol(_at_)PLURIS(_dot_)COM]
Sent:   Monday, May 07, 2001 5:47 PM
To:     Henrik Frystyk Nielsen
Cc:     ietf(_at_)ietf(_dot_)org
Subject:        RE: SOAP/XML Protocol and filtering, etc.

Why would a firewall or a firewall admin trust the packet to indicate
what it really is?

Bora

At 2:50 PM -0700 5/7/01, Henrik Frystyk Nielsen wrote:
The meaning of SOAPAction is not to say that "this is a stockquote
service" but to say that "I am sending you a SOAP message of a type that
is part of a stock quote service".

The difference is that one is a destination which is carried in HTTP by
the request-URI but the other is a hint about what is in the message.
This is why SOAPAction is a separate parameter.

Henrik

 On Sun, May 06, 2001 at 03:12:08PM -0400, Keith Moore wrote:
 > and client APIs.  It also keeps HTTP servers from having to know
 > specifically whether a particular URI corresponds with a SOAP
 > request (in which case it might have to look at the SOAPAction
 > header in order to know how to handle it) or not (in which case the

 > SOAPAction header should be ignored).

 Yep; seems to me that Content-Type ss more appropriate for dispatch,
 if doing it in a header is desireable.
 >
 >ugh.  only if you must.  the URL is *far* better for this purpose.