RE: SOAP/XML Protocol and filtering, etc.

> > > Only if the application (e.g., protocol) is signed and cross-certified by a
> > trusted CA could I see this occurring.
> >
> > Yeah, like a Microsoft certificate from Verisign.  NOT!
> Hey, could be a BEA, Computer Assoc., IBM; pick your poison!

Some of us choose not to drink whatever poison causes people to say
that authentication is the same as authorization or that any authentication
you are likely to be able to buy for the $250/year that Verisign/Thwate
apparently found to be the price point will be better than the FAX's of
a local DBA license that Verisign/Thwate accepts as incontrovertible.
(With or without working CRL's, that foolishness will continue to be a
joke waiting for more punch lines.)

What does SOAP have to do with the IETF?  The recent WWW references
seem to point outside the IETF.  Judging from the breathless article
in a hardware trade rag that arrived with this afternoon's post, SOAP
is the latest in the lineage of embraces and extensions that includes
VMRL, ActiveX, and WAP.  This trade article explained it as binary
mode FTP for embedded applications (but of course did not mention
FTP).  If it gets enough marketing muscle and is not quite as silly
as VRML and WAP, then it might survive.  But can the IETF affect it?
If not (and the signs are clear), then why worry about it?

It's fun to joke about people who think that bits that proclaim their own
good intentions are necessarily from the good guys and must be allowed
free reign, but it's probably not something we should be doing in public.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com