Authentication: Theoretical thoughts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi NG,

I have been doing some serious considerations about implementing
authentication in SOAP. It strikes me that the must used way is by
letting the webserver deal with this. For various reasons I think this is
a big mistake.

1) The hole idea behind SOAP is platform and programming language
independence in its broadest sense. relying on the webserver to handle
authentication breaks the independence.
2) SOAP is based on, by using XML-schema's, a strongly type typing system
which is far more suited for dealing with security than the HTTP protocol.
3) A SOAP service should be shelf sufficient. Eg. all application specific
stuff should be handled by the application and not rely on the
transportation and/or network layer.

Any one here having some comments?

PS. I will open another thread with my suggestion for a practical solution.

-- 
Hilsen/Regards
Michael Rasmussen
http://keyserver.veridis.com:11371/pks/lookup?op=get&search=0xE3E80917

-- 
PHP Soap Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Kernel Newbies]     [PHP Database]     [Yosemite]

  Powered by Linux