Print

Print


At 11:36 PM 12/2/98 +0000, Peter Flynn wrote:
>[...]
>I'm still not clear on why you're sending anything to a server.
>There's nothing to stop a client reading one XML file plus its XSL
>stylesheet ("transformation sheet") and creating a new document
>dynamically.

Don't know what this particular fellow has in mind, but we base a
business on sending XML files to the server (and getting XML files
back).

The notion may be generically labelled XML-RPC -- remote procedure
call with XML.  A client sends an XML document to the server.  That
document might represent a purchase order in some purchase order
doctype.  The server processes the document and returns a response,
which may also be in XML.  The response might be an XML document
containing a confirmation number and maybe an account balance.

Applications would be communicating in this way -- by posting XML
and receiving XML back.  There's no human in the picture.  XML turns
out to be ideal for this purpose because of how easily it rides on
HTTP and because of how easy it is to parse the XML to get at data.
(And because XML allows us to unambiguously label data constituents.)

>[...] I think a lot has to do with the security: I sure as
>hell don't want the world to have unrestricted write access to my
>server, but once you start passwording it, it loses its utility as a
>public service and enters the realm of the private service (where it;s
>very valuable, but by definition not as widely used).

Although you are thinking that posting XML is the same as archiving
(or storing the XML), the security issues still remain.  But then again,
businesses engaged in ecommerce transactions this way very much want
security -- this doesn't defeat the purpose.

>     ANY suggestions would be welcome. I figure this is something that will
>     become a FAQ question in the future as is one of the most typical uses
>     I can imagine for XML. By the way, I tried searching the FAQs for this
>     I could not find any help related to the topic.

To my knowledge (please enlighten me, somebody), HTTP does not provide
a way for the client to say what kind of data it wants in return.
However, the client may easily use the text/xml MIME type to identify
that posted data is in XML (this seems to be growing in popularity).
You might also have the server recognize <?xml version="1.0"?>.
--
Joe Lapp, Senior Engineer      (Looking for some good people to help
Core Technologies Team Lead     design and build new XML technologies.)
http://www.webMethods.com
[log in to unmask]         http://www.webmethods.com/company/employment