Firewall Wizards mailing list archives
RE: Soap - Was RPCs over HTTPS through the firewall
From: "Dick Brooks" <dick () tech-comm com>
Date: Fri, 2 May 2003 09:46:14 -0700
And people say security folks have no sense of humor...

Seriously, SOAP 1.1 [1] doesn't specify any security functions, but instead relies on the underlying "carrier", in this case HTTP(S), to provide access control (basic authentication) and transport level confidentiality (SSL). If you are using SOAP with Attachments [2] then you can also sign/encrypt your business data using PGP or S/MIME. It's also possible to stuff an S/MIME or PGP encrypted/signed document into a SOAP body element, but this requires "special" handling using base64 and can get quite ugly.

The bottom line, IMO, security functions can be added to SOAP 1.1, but SOAP itself doesn't define specific security characteristics. Interoperability is another challenge when you combine security functions with SOAP.

[1] http://www.w3.org/TR/SOAP/
[2] http://www.w3.org/TR/SOAP-attachments

Regards,

Dick Brooks
Independent Consultant
B2B Integration and Cyber Security
Mobile:602-684-1484
eFax:240-352-0714

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Mason Schmitt
Sent: Friday, May 02, 2003 7:58 AM
To: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] Soap - Was RPCs over HTTPS through the firewall

On Fri, 2003-05-02 at 06:52, Marcus J. Ranum wrote:
> Mason Schmitt wrote:
>> What I'm curious about is whether the members of this list have any concerns with soap as a method of doing RPC and whether there are any firewall concerns.
>
> No concerns - Soap is from Microsoft, so it's OK. Remember, Microsoft got serious about security last year, and fixed all the flaws in their code. I think they spent a whole month or something like that doing it. I'm sure that Soap's fine, now.

I'm sure that a month is more than enough time to bring the whole windows family up to an acceptable level of security... Look at how they solved the attachment issue in outlook - just don't allow people the option of receiving attachments. Grrr...

All joking aside though, didn't soap grow out of XML RPC? Not that that necessarily means anything from a security standpoint... I'm just wondering if anyone has any caveats concerning soap that I may be missing.

Mason

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards