Hi NG, I have been doing some serious considerations about implementing authentication in SOAP. It strikes me that the must used way is by letting the webserver deal with this. For various reasons I think this is a big mistake. 1) The hole idea behind SOAP is platform and programming language independence in its broadest sense. relying on the webserver to handle authentication breaks the independence. 2) SOAP is based on, by using XML-schema's, a strongly type typing system which is far more suited for dealing with security than the HTTP protocol. 3) A SOAP service should be shelf sufficient. Eg. all application specific stuff should be handled by the application and not rely on the transportation and/or network layer. Any one here having some comments? PS. I will open another thread with my suggestion for a practical solution. -- Hilsen/Regards Michael Rasmussen http://keyserver.veridis.com:11371/pks/lookup?op=get&search=0xE3E80917 -- PHP Soap Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
