Joe Plautz wrote:
Yes it was. It's something the carries application specific information as well as customer and user specific information. It's not great by any means, but it doesn't allow access either. But, by doing it this way, I've tried to keep the services as more of one time shots. Not as something that needs to be called over and over again in rapid succession.
Vikas Phonsa wrote:
Hi Joe,
Thanks for your answer. Could you elaborate a little bit about the authentication object? Was that part of the SOAP message?
Guys this is what WS-Security is for! The reason to use SOAP as a framing protocol is to leverage orthogonal/cross-cutting features like security, reliablity, trust, addressing in standard ways. Baking security features into your application messages may be expedient but is not the direction this industry is going in.
Jim
