Re: SOAP-RPC and REST and security

Cart

XML Editor - Download a Free Trial >

See What's New >

Buy Now >

[Home] [By Thread] [By Date] [Recent Entries]

To: xml-dev@l...
Subject: Re: SOAP-RPC and REST and security
From: Gavin Thomas Nicol <gtn@r...>
Date: Wed, 20 Feb 2002 17:32:27 -0500
In-reply-to: <D7155AD41ECFD511AF4A00B0D0202CB51DFE12@MAILHOST>
Organization: Red Bridge Interactive, Inc.
References: <D7155AD41ECFD511AF4A00B0D0202CB51DFE12@MAILHOST>

On Wednesday 20 February 2002 04:33 pm, Michael Brennan wrote:
> > I talked to an EJB expert about REST. We were talking about
> > security models. I described how REST has a natural ACL or
> > capabilities model. What's the natural model of RMI (which is
> > basically OO RPC with class distribution)?

An RPC {host,method) pair is roughly akin to a capability...  in fact 
in one of our products we use this id to protect method calls over RMI.

That said, both the above and REST are flawed as a capability-based 
system because of the arbitrary discoverability holes.

References:
- RE: SOAP-RPC and REST and security
  - From: Michael Brennan <Michael_Brennan@A...>

Prev by Date: RE: Re: [namespaceDocument-8] 14 Theses
Next by Date: Re: SOAP-RPC and REST and security
Previous by thread: RE: SOAP-RPC and REST and security
Next by thread: RE: SOAP-RPC and REST and security
Index(es):
- Date
- Thread

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >