- Understanding SOAP FAQs
- How do I invoke a method on a server when I'm using SOAP?
- Do M-POST calls have to occur before POST calls?
- When I'm using XML in SOAP, do I have to use namespaces?
- What happens when a method call has been requested?
- What are the values in a SOAP payload?
- What could cause the performance of a SOAP call to degrade or suffer?
- What kind of security does SOAP implement?
- When using SOAP, how do I implement a simple API for XML?
- How will SOAP impact .Net application development?
- How is ASP+ used when creating web services?
- How do I validate SOAP-based XML using a schema?
- When using SOAP, what is the most efficient way to access services from a client over the Internet?
What kind of security does SOAP implement?
Because SOAP is a wire protocol, SOAP does not implement security. However, SOAP can use the HTTP protocol, allowing you to potentially employ application-level security coupled with secure sockets or HTTPS. SOAP also mandates the use of the SOAPAction HTTP header field, which allows your firewall (or equivalent technology) to filter SOAP method invocations or deny SOAP processing entirely. Your firewall would examine the SOAPAction header and filter the SOAP packet based upon the object name, the particular method (remotable or not), or a combination of the two.
Source: This FAQ is excerpted from Understanding SOAP by Kennard Scribner and Mark C. Stiver (2000, Sams, ISBN 0672319225). Refer to this book for more detailed information on SOAP.