Re: how does one talk to a web service? What makes something a web
service?
Tom Anderson wrote:
There's some truth in that. But they'd have to really, really cock
it up before it was overcomplicated as the SOAP stack.
Mike Schilling wrote:
What's so complicated about SOAP?
Tom Anderson wrote:
Turning to specifics, though:
- What security do you mean other than HTTPS? Roles and stuff?
Mike Schilling wrote:
There's lots of reasons to do application-level security instead of
transport level. Roles is one. Another is to maintain a security
context across routers. A third is to map users across security
realms.
Digital signatures, message digests, ...
Application-level security can be most useful, and is orthogonal to transport
security. HTTPS, for example, cannot prove authenticity of origin nor provide
non-repudiability, particularly across security realms and routers as Mike
pointed out.
Tom Anderson wrote:
- What transports other than HTTP? If they're so important, why
isn't
anyone using SOAP over them? There are a vanishingly small number of
uses of SOAP over email, and some SOAP over JMS, but nothing else in
any serious way.
Mike Schilling wrote:
SOAP over JMS is used on a significant number of intranets.
Transactions that don't fail because one node is down can be crucial.
I've been involved in projects that do SOAP over JMS (e.g., IBM MQ).
Nice work when you can get it. Big budgets, steady work.
Tom Anderson wrote:
- Standard error handling sounds interesting; it's true that HTTP
error codes aren't exactly a rich vocabulary. What does SOAP have?
Mike Schilling wrote:
Faults, which contian arbitrary amounts of user-defied conent and map
naturally to exceptions.
I've done a bit of SOAP programming in Java, although I don't consider myself
expert. I found the modeling of messages to code to be pretty
straightforward, albeit somewhat trickier when one wants to be compatible for
clients across more than one programming domain (C# and Java, in my case).
--
Lew