Originally posted by M.K.A. Monster:
Also nice to think about is the exchangeability of WebServices. When you're using CORBA, it can happen, that CORBA stubs aren't as exchangeble between other that Java en C++ applications as they say they should be.
XML Webservices are so open. It is easy to build options in for example your own programminglanguage to support webservices. The XML format is way too open to compare with CORBA I think.
Regards,
Mark Monster
Originally posted by Lasse Koskela:
Thanks for the link. However, it didn't do much because I am already aware of the principle of XML digital signatures. What I'm after is a "shrink-wrapped" library for signing a given XML document (a specified part of it) so that I don't have to hand code that logic. And the same for reading the signature, of course.
Originally posted by Lasse Koskela:
Well, as Web Services are basically about transferring XML messages over HTTP (mostly), there should be few new vulnerabilities when compared to plain HTTP requests.
However, there are some points to consider for the paranoid... The fact that Web Service interfaces are publicized with UDDI makes it easy for a black-hat to figure out where to send requests and how should the request look like, etc. These "dangers" are real only if the designer gets sloppy with security.
What's more of a problem is the propagation of identity and information in a workflow where several enterprises take part in fulfilling a request. On the other hand, those problems are not due to Web Services per se.
Originally posted by Rama Raghavan:
Welcome Mark..
What kinda of additives/bells and whistles has Microsoft added to web services that is over and beyond the call of the standards/protocol?
With a known history (unfortunately), always wonder what holes Microsoft leaves open on this front..
Rama
Originally posted by Stanley Tan:
Mark,
I'm using SOAP headers right now for authentication. I have a .NET Web service that exposes Web methods but requires a SOAP header to be passed along with the invocation. I've created a Java stub to the .NET Web service using AXIS and all is working fine until I call a method that requires a SOAP header. How do I go about specifying a SOAP header from a Java client that uses a stub generated from AXIS? Thanks for any input!
Stanley