I would interpret this to mean that it may be a bad practice to invent your own custom headers (could be SOAP or HTTP) that someone is not familiar with or is not a standard. That said, I agree that any security/access-related info needs to be part of the SOAP headers (WS-Security/SAML, etc.) or HTTP headers (Basic Auth) but NOT the body/payload.

-Arun

On 11/16/05, Paul Barry <[EMAIL PROTECTED]> wrote:
What do you think of this comment?

But don't get too creative and stuff names and passwords into cute
spaces in headers and such. The more you get inventive here, the
harder it is for others to use the services.

First of all, is he referring to HTTP headers or SOAP headers?
Assuming SOAP headers, if you are using the "user name and password in
every call" style, wouldn't it make sense to include that in the SOAP
header rather than the body?  Or is that a bad idea?

On 11/13/05, Anne Thomas Manes <[EMAIL PROTECTED]> wrote:
> Great article by Roger Sippl:
>
>   http://www.sdtimes.com/article/special-20051101-01.html
>
