> This leads to some strange specifications though > such as WS-RM, which is basically intended to fix a > reliability issue with HTTP, and is not really > useful for communication protocols that are already > reliable.
I thought the purpose of WS-RM was to specify end-to-end reliability semantics that might cross several communication protocols. This is, I believe, the same argument that advocated TCP as an end-to-end reliable protocol, even though some existing data link protocols already had reliability. > The Web of documents, as > REST is usually called within the W3C community, may > be great for publishing and distributing corporate > data but not so great for updating it or securing > access to it. I'm curious how the current security approaches (XML Enc, DSig, XACML, SAML, etc.) are somehow not applicable to HTTP and URI based schemes, particularly considering the work SAML has done to interoperate with HTTP with the Browser/POST profile. Further, TLS is a pretty solid option (except when dealing with multiple-legacy-protocol scenarios that don't leverage TLS). One reason that "HTTP isn't enough" arguably is the variety of standards out there for assertions, authentication, authorization, etc., and the resulting combinations that you could apply those technologies requires some kind of interoperability profile. But the lack of one seems to be more of a lack of will at the WS-I rather than a technological limitation of HTTP. Perhaps this is the end of the discussion (unless popular HTTP-based services start to adopt approaches like SAML as a supplement). HTTP's major limitations, to me, appear to be related to its ability to handle unsolicited event notification, lack of built-in support for retries & duplicate detection needed for store & forward reliability (hence WS-RM), its verbosity and assumption of reliable transport which may not be applicable when dealing with local area communication, low bandwidth or extremely low-latency use cases. These are serious limits in some contexts (financial trading systems, telecom switch control) but likely not in others (business document exchange). Cheers Stu __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ Yahoo! Groups Sponsor --------------------~--> Something is new at Yahoo! Groups. Check out the enhanced email design. http://us.click.yahoo.com/SISQkA/gOaOAA/yQLSAA/NhFolB/TM --------------------------------------------------------------------~-> Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/service-orientated-architecture/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
