From: Jim Whitehead (ejw@ics.uci.edu)
Date: Thu Aug 31 2000 - 10:54:20 PDT
Roy Fielding writes:
>Architects use protocols to enable a defined set of communication. The
>degree to which that communication is visible to intermediaries determines
>whether or not it can be safely passed through a firewall. Now what is
>it about HTTP that makes it different from RPC, and thus safe for transfer
>through firewalls?
I dunno, maybe it's just because Roy is/was my officemate, and I've
mind-melded with him, but I thought this was obvious.
HTTP exposes its commands in a known location in the message, and the
universe of commands is predefined in a community reviewed and approved
standard. Hence, the syntax and semantics of commands are knowable by
intermediaries, such as proxies and firewalls. Since the semantics are
known ahead of time, it is possible to do a thorough security analysis, and
then make informed decisions concerning what messages are allowed through
firewalls.
RPC places its commands in a known location, and SOAP doesn't even do that.
Both do not predefine the semantics of commands except via cooperating
client/server pairs, or by community-based standards that may not have the
benefit of wide review; there is certainly no guarantee that the semantics
will be defined by a community reviewed standard. Hence, in the general
case, security analysis is difficult or impossible, and it is hard to make
informed decisions concerning firewalls. Hence, an administrator of a
firewall would be tempted to just shut down SOAP, rather than deal with
evaluating the SOAP "interface of the week", and all of the technical
evaluation and trust issue involved.
- Jim
This archive was generated by hypermail 2b29 : Thu Aug 31 2000 - 11:08:46 PDT