83 messages in org.w3.www-tagRE: FW: draft findings on Unsafe Meth...
FromSent OnAttachments
Dan ConnollyApr 15, 2002 8:50 am 
Larry MasinterApr 15, 2002 1:44 pm 
David OrchardApr 15, 2002 3:01 pm 
David OrchardApr 15, 2002 3:19 pm 
Mark BakerApr 15, 2002 8:00 pm 
Keith MooreApr 15, 2002 8:37 pm 
Scott CantorApr 15, 2002 9:28 pm 
Edwin KhodabakchianApr 15, 2002 9:34 pm 
David OrchardApr 15, 2002 10:18 pm 
Paul PrescodApr 15, 2002 11:17 pm 
Tim BrayApr 15, 2002 11:32 pm 
Mark NottinghamApr 16, 2002 1:01 am 
Tim BrayApr 16, 2002 1:02 am 
Mark NottinghamApr 16, 2002 1:09 am 
Paul PrescodApr 16, 2002 2:11 am 
Paul PrescodApr 16, 2002 3:02 am 
Mark BakerApr 16, 2002 4:54 am 
Williams, StuartApr 16, 2002 8:22 am 
Keith MooreApr 16, 2002 8:32 am 
jon...@research.att.comApr 16, 2002 8:44 am 
Scott CantorApr 16, 2002 8:55 am 
Paul PrescodApr 16, 2002 9:40 am 
Mark NottinghamApr 16, 2002 9:42 am 
Hutchison, NigelApr 16, 2002 9:43 am 
Henrik Frystyk NielsenApr 16, 2002 10:48 am 
Bullard, Claude L (Len)Apr 16, 2002 1:46 pm 
Larry MasinterApr 16, 2002 6:39 pm 
Roy T. FieldingApr 16, 2002 7:54 pm 
Larry MasinterApr 16, 2002 10:10 pm 
Graham KlyneApr 17, 2002 1:54 am 
Paul PrescodApr 18, 2002 12:33 am 
Graham KlyneApr 18, 2002 9:11 am 
Alex RousskovApr 18, 2002 9:30 am 
Paul PrescodApr 18, 2002 9:45 am 
Graham KlyneApr 18, 2002 11:58 am 
Roy T. FieldingApr 18, 2002 3:11 pm 
Don BoxApr 18, 2002 6:28 pm 
Mark BakerApr 18, 2002 8:50 pm 
Keith MooreApr 18, 2002 8:54 pm 
Paul PrescodApr 18, 2002 10:00 pm 
Graham KlyneApr 19, 2002 12:53 am 
Bill de hÓraApr 19, 2002 4:18 am 
Roy T. FieldingApr 19, 2002 1:20 pm 
Anne Thomas ManesApr 22, 2002 3:23 pm 
Paul PrescodApr 22, 2002 4:01 pm 
Anne Thomas ManesApr 22, 2002 8:17 pm 
Paul PrescodApr 22, 2002 10:21 pm 
Anne Thomas ManesApr 23, 2002 5:36 am 
Paul PrescodApr 23, 2002 12:03 pm 
Paul PrescodApr 23, 2002 2:09 pm 
Roy T. FieldingApr 23, 2002 2:14 pm 
Bullard, Claude L (Len)Apr 23, 2002 2:50 pm 
Joshua AllenApr 23, 2002 2:53 pm 
David OrchardApr 23, 2002 4:14 pm 
Keith MooreApr 23, 2002 5:05 pm 
Roy T. FieldingApr 23, 2002 5:14 pm 
Simon St.LaurentApr 23, 2002 5:18 pm 
Larry MasinterApr 23, 2002 6:31 pm 
Mark BakerApr 23, 2002 6:36 pm 
Paul PrescodApr 23, 2002 8:03 pm 
Tim BrayApr 23, 2002 8:30 pm 
Dan ConnollyApr 23, 2002 9:05 pm 
Joshua AllenApr 23, 2002 9:10 pm 
Anne Thomas ManesApr 23, 2002 9:28 pm 
Mark NottinghamApr 23, 2002 9:42 pm 
Jeff BoneApr 23, 2002 9:42 pm 
Joshua AllenApr 23, 2002 10:02 pm 
Paul PrescodApr 23, 2002 10:05 pm 
Joshua AllenApr 23, 2002 10:27 pm 
Joshua AllenApr 23, 2002 10:38 pm 
Mark NottinghamApr 23, 2002 10:57 pm 
Mark NottinghamApr 23, 2002 11:16 pm 
Joshua AllenApr 23, 2002 11:20 pm 
Dan ConnollyApr 23, 2002 11:23 pm 
Tim BrayApr 23, 2002 11:56 pm 
Bullard, Claude L (Len)Apr 24, 2002 7:23 am 
Larry MasinterApr 24, 2002 8:47 am 
Keith MooreApr 24, 2002 10:46 am 
Bullard, Claude L (Len)Apr 24, 2002 10:56 am 
Aaron SwartzApr 24, 2002 11:27 am 
Mike DierkenApr 24, 2002 12:06 pm 
David OrchardApr 25, 2002 10:54 am 
Roy T. FieldingMay 5, 2002 3:38 am 
Actions with this message:
Paste this link in email or IM:
Paste this link in email or IM:
Atom feed for this thread
Paste this URL into your reader:
Subject:RE: FW: draft findings on Unsafe Methods (whenToUseGet-7)Actions...
From:Anne Thomas Manes (an@manes.net)
Date:Apr 22, 2002 3:23:59 pm
List:org.w3.www-tag

All,

Sorry that I've taken so long to reply to this thread.

Going back to the beginning, I concur with Dave that the issue of GET/POST in Web services has nothing to do with safe and unsafe.

In reference to Paul comments (see below), it's not true that "every bit of information on the Web should have a URI address". There's lots of discrete information on any random Web page that doesn't have a unique URI. It is true that every Web *resource* has a URI. I view a Web service as a Web resource, and hence every Web service should have a URI. (I think we've made this association in our Web service definition statement.) If you attempt to perform a GET on most Web service URIs, you usually get a WSDL description back. Doesn't this qualify as "a clear statement of how to dereference addresses to retrieve information"? I believe that SOAP supports both of the requirements that Paul stated to qualify as a Web protocol.

In reference to Mike and Nigel's comments regarding SOAP caching, I have to side with Don Box. I'd much rather buy a new SOAP-aware Web services router/cacher than force my users to express sensitive application information in a URL. (What if I need to encrypt the data that I'm sending to the service?) See also Mark Nottingham's comments on the viability of Web service caching based on REST. More to the point -- how do I specify a purchase order (which is a pretty common example of a SOAP input message) in a URL? If you view SOAP as only an RPC, then you're ignoring a significant use of SOAP.

Some may view the mis-use of POST as morally wrong, but as a group representing its members, W3C needs to accomodate the wishes of its members. Mark Baker is way off base when he said that RPC "has repeatedly demonstrated its inability to be deployed on the Internet". SOAP RPC is being used quite successfully right now. My customers could care less whether SOAP over HTTP POST is conforment with what some are now trying to define as "the Web architecture". They just want something that works, and SOAP over HTTP POST works.

If W3C follows a path that defines the "Web architecture" as being equal to the REST architecture, it will force the W3C working groups to abandon use of SOAP over HTTP POST. This will cause an unacceptable delay in the standardization of SOAP. Next we'll find that very few vendors will adopt the new standards, and customers will be very happy to use products based on SOAP 1.1 and WSDL 1.1. This path will lead W3C into obscurity, and WS-I will become the de facto Web services standardization group.

It's not that I don't think REST is interesting, it's just that the REST architecture and the current Web Services architecture (based on SOAP 1.1) are fundamentally different, and we can't attempt to force such a significant change on technology that's being successfully used today.

I think it's a great idea to develop a new model for Web services based on the REST architecture (although we may want to call them REST services or something else). Just don't let REST interfere with the release of SOAP 1.2 and WSDL v.next.

Respectfully,

Anne Thomas Manes CTO, Systinet

-----Original Message----- From: xml-@w3.org [mailto:xml-@w3.org]On Behalf Of Paul Prescod Sent: Tuesday, April 16, 2002 6:03 AM To: David Orchard Cc: www-@w3.org; xml-@w3.org; www-@w3.org Subject: Re: FW: draft findings on Unsafe Methods (whenToUseGet-7)

David Orchard wrote:

...

My belief is that the web has been based upon a shared information space, primarily through use of GET/POST methods. However, as we move towards more machine to machine oriented communications, with arbitrary payloads of XML, and it's focus on update/service oriented architectures, the need for a public contract for safe actions is dramatically reduced. ...

I disagree with your statement of the issue. It isn't about a public contract for safe operations, it is about addressability. Given:

1 every bit of information on the Web should have a URI address

2 given an address, a client must be able to derference it to get a representation of the information item.

This implies to me that every "web protocol" that exposes information needs

a) an addressing mechanism and

b) a clear statement of how to dereference addresses to retrieve information.

If you invented a soap:// addressing mechanism, then the need for SOAP-on-GET would be greatly reduced. But until SOAP has a) and b), I don't see how it can be any more a "Web protocol" than DHCP or POP is.

Paul Prescod