OASIS Mailing List Archives

security-services message


Subject: RE: [security-services] Article About SOAP Security


>I found the article exceptionally annoying.

Keep in mind that Paul's essays tend to be designed to provoke and are
strongly worded. It's less an article than a mailing list or USENET
post. I've read articles by him (he links to one in fact) and they're
less provocatively written.

>In particular I am not sure that Tim B-L would agree that the architecture
>of the Web is to be found in Roy Fielding's graduate thesis. If it is then
>one wonders about the originality of the work in question :-)

You have the order more or less backwards. REST, I think, is about
attempting to capture the "goodness" of the web and why it works where
other technologies have failed. It's not prior art in the sense you
mean. I can't tell you what Tim B-L thinks, but I'd be surprised if he
doesn't see at least some of the problems the REST adherents see in
SOAP.

>I was not aware of the use of the term REST as a term of art during the
>development of HTTP and this is the first time I have seen an article use
>it that was not written by Roy.

It won't be the last. It's become a very frequent occurrence on the XMLP
list originally because of Mark Baker, and it certainly figures strongly
in the TAG discussions. And speaking strictly for myself, it's a
compelling way of looking at the real value of the web for application
interactions. That's not to say there aren't a lot of really smart
people that think RPC is still viable (.NET is entirely RPC), but not
everybody does.

>I hardly think that Henrik Frystyk Nielsen needs lessons in the
>architecture of the Web from anyone as the article suggests and
>particularly not from the suggested source on the topic of security.

I wouldn't presume to know, but it seems to me that designing an RPC
protocol to intentionally tunnel invisibly through firewalls is a
terrible idea no matter whose it is, and he's not exaggerating that
point.

Anyone is free to find the article annoying, but I don't think it's
fundamentally wrong overall. YMMV. I do encourage even the skeptics to
at least look into REST before dismissing it. There's a wiki at
http://conveyor.com/RESTwiki/moin.cgi with a lot of information that at
the very least is good reading.

-- Scott


