

On Wed, Apr 13, 2005 at 10:54:26PM -0400, Rich Salz wrote:
> As I understand it, HTTP auth is somewhat extensible.  A client
> can make a request, and the server can respond with a challenge.
> The client uses that challenge to authenticate itself, re-issue
> the request, and verify the server's identity.
> 
> How can the client get the server's identity before sending any
> "real" data?  A well-known URI or a new method? How can the server
> challenge the client to prove its identity without requiring state
> on the server?
> 
> I believe the very statelessness of HTTP and REST makes it
> impossible.

Architectural constraints such as statelessness are constraints on
form, not function; what you're talking about *is* possible.  The
issue will be whether the larger message size in the stateless
solution will be acceptable or not.  How much state are you talking
about?

Mark.
-- 
Mark Baker.   Ottawa, Ontario, CANADA.        http://www.markbaker.ca
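As an added illustration of the point Mark makes (this is example code written for this archive page, not code from either poster), the following Python sketch shows the client-authentication half of the question: the server issues a challenge without keeping a table of outstanding nonces, because the nonce carries its own issue time plus an HMAC over it, so the "state" travels inside the message. The scheme name `X-Stateless`, the key `SERVER_NONCE_KEY`, the `USERS` table and the 300-second lifetime are all constructed for the example.

```python
"""Stateless HTTP challenge-response: server state travels in the nonce."""
import hashlib
import hmac
import secrets
import time

# Constructed values for this example (assumptions, not from the thread).
SERVER_NONCE_KEY = b"server-nonce-signing-key"      # known only to the server
USERS = {"alice": b"correct horse battery staple"}  # toy credential store
NONCE_TTL = 300                                     # seconds a challenge is valid
SCHEME = "X-Stateless"                              # hypothetical auth scheme name


def make_challenge(now=None):
    """Server side: build a WWW-Authenticate header. The nonce is
    '<issue_time>:<random>:<mac>'; the MAC lets the server later trust
    the issue time without remembering that it issued this nonce."""
    ts = int(time.time() if now is None else now)
    body = f"{ts}:{secrets.token_hex(8)}"
    mac = hmac.new(SERVER_NONCE_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f'{SCHEME} realm="example", nonce="{body}:{mac}"'


def _parse_params(header):
    """Split 'Scheme k="v", k2="v2"' into (scheme, {k: v})."""
    scheme, _, rest = header.partition(" ")
    params = {}
    for item in rest.split(","):
        k, _, v = item.strip().partition("=")
        params[k] = v.strip('"')
    return scheme, params


def nonce_is_valid(nonce, now=None):
    """Server side: accept a nonce only if its MAC checks and it is fresh."""
    try:
        ts, rnd, mac = nonce.split(":")
        ts_int = int(ts)
    except ValueError:
        return False
    expected = hmac.new(SERVER_NONCE_KEY, f"{ts}:{rnd}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return False
    current = time.time() if now is None else now
    return 0 <= current - ts_int <= NONCE_TTL


def _response_mac(secret, nonce, method, uri):
    """Both sides: bind the credential to the challenge and to the request."""
    msg = f"{nonce}\n{method}\n{uri}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def client_authorize(username, secret, www_authenticate, method, uri):
    """Client side: answer the challenge; returns an Authorization header."""
    scheme, params = _parse_params(www_authenticate)
    if scheme != SCHEME:
        raise ValueError(f"unsupported scheme {scheme}")
    nonce = params["nonce"]
    resp = _response_mac(secret, nonce, method, uri)
    return f'{SCHEME} username="{username}", nonce="{nonce}", response="{resp}"'


def server_verify(authorization, method, uri, now=None):
    """Server side: verify using only the request and the server's own key."""
    scheme, params = _parse_params(authorization)
    if scheme != SCHEME:
        return False
    nonce = params.get("nonce", "")
    if not nonce_is_valid(nonce, now):
        return False
    secret = USERS.get(params.get("username", ""))
    if secret is None:
        return False
    expected = _response_mac(secret, nonce, method, uri)
    return hmac.compare_digest(params.get("response", ""), expected)


if __name__ == "__main__":
    chal = make_challenge()
    auth = client_authorize("alice", USERS["alice"], chal, "GET", "/private")
    print(chal)
    print(auth)
    print("verified:", server_verify(auth, "GET", "/private"))
```

The cost is exactly the one Mark names: the nonce is longer than a lookup key would be, because it has to carry the timestamp and the MAC that a stateful server would otherwise keep in memory. The other caveat is that a server holding no state cannot tell a replayed response from a fresh one within the nonce lifetime; it can only bound the window with `NONCE_TTL`. Proving the server's identity to the client, the other half of Rich's question, is not covered here.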
