SOAP

SOAP (see below for name and origins) is a protocol for exchanging XML-based messages over computer networks, normally using HTTP/HTTPS. SOAP forms the foundation layer of the web services protocol stack providing a basic messaging framework upon which abstract layers can be built.

As a layman's example of how SOAP procedures can be used, a correctly formatted call could be sent to a Web Service enabled web site - for example, a house price database - with the data ranges needed for a search. The site could then return a formatted XML document with all the required results and associated data (prices, location, features, etc). These could then be integrated directly into a third-party site.

There are several different types of messaging patterns in SOAP, but by far the most common is the Remote Procedure Call (RPC) pattern, in which one network node (the client) sends a request message to another node (the server) and the server immediately sends a response message to the client. SOAP is the successor of XML-RPC, though it borrows its transport and interaction neutrality and the envelope/header/body from elsewhere, probably from WDDX.

The TCP/IP model (RFC 1122)

Application Layer

DHCP · DNS · FTP · Gopher · HTTP · IMAP4 · IRC · NNTP · XMPP · POP3 · RTP · SIP · SMTP · SNMP · SSH · TELNET · RPC · RTCP · RTSP · TLS (and SSL) · SDP · SOAP · GTP · STUN · NTP · BGP · RIP · (more)

Transport Layer

TCP · UDP · DCCP · SCTP · RSVP · ECN · (more)
Internet Layer
IP (IPv4 · IPv6) · ICMP · ICMPv6 · IGMP · IPsec · (more)
Link Layer
ARP · RARP · NDP · OSPF · Tunnels · Media Access Control · Device Drivers · (more)

This box: view • talk • edit

History

SOAP once stood for 'Simple Object Access Protocol' but this acronym was dropped with Version 1.2 of the standard, as it was considered to be misleading. Version 1.2 became a W3C Recommendation on June 24, 2003. The acronym is sometimes confused with SOA, or Service-oriented architecture; however SOAP is quite different from SOA.

SOAP was originally designed by Dave Winer, Don Box, Bob Atkinson, and Mohsen Al-Ghosein in 1998, with backing from Microsoft (where Atkinson and Al-Ghosein worked at the time), as an object-access protocol. The SOAP specification is currently maintained by the XML Protocol Working Group of the World Wide Web Consortium.


Transport methods

SOAP makes use of an Internet application layer protocol as a transport protocol. Critics have argued that this is an abuse of such protocols, as it is not their intended purpose and therefore not a role they fulfill well. Backers of SOAP have drawn analogies to successful uses of protocols at various levels for tunneling other protocols.[citation needed]

Both SMTP and HTTP are valid application layer protocols used as Transport for SOAP, but HTTP has gained wider acceptance as it works well with today's Internet infrastructure; specifically, HTTP works well with network firewalls. SOAP may also be used over HTTPS (which is the same protocol as HTTP at the application level, but uses an encrypted transport protocol underneath) in either simple or mutual authentication; this is the advocated WS-I method to provide web service security as stated in the WS-I Basic Profile 1.1. This is a major advantage over other distributed protocols like GIOP/IIOP or DCOM which are normally filtered by firewalls. XML was chosen as the standard message format because of its widespread use by major corporations and open source development efforts. Additionally, a wide variety of freely available tools significantly eases the transition to a SOAP-based implementation.

The somewhat lengthy syntax of XML can be both a benefit and a drawback. While it promotes readability for humans, facilitates error detection, and avoids interoperability problems such as byte-order (Endianness), it can retard processing speed and be cumbersome. For example, CORBA, GIOP, ICE, and DCOM use much shorter, binary message formats. On the other hand, hardware appliances are available to accelerate processing of XML messages. Binary XML is also being explored as a means for streamlining the throughput requirements of XML.


Technical critique

Numerous commentators and specialists have discussed the technical advantages and disadvantages of SOAP relative to alternative technologies, and relative to the context of its intended use.


Advantages

Using SOAP over HTTP allows for easier communication through proxies and firewalls than previous remote execution technology.
SOAP is versatile enough to allow for the use of different transport protocols. The standard stacks use HTTP as a transport protocol, but other protocols are also usable (e.g., SMTP).
SOAP is platform independent.
SOAP is language independent.
SOAP is simple and extensible.

Disadvantages

Because of the verbose XML format, SOAP can be considerably slower than competing middleware technologies such as CORBA. This may not be an issue when only small messages are sent. To improve performance for the special case of XML with embedded binary objects, Message Transmission Optimization Mechanism was introduced. Further, to improve the performance of XML in general, there are emerging non-extractive XML processing models, e.g., VTD-XML.
When relying on HTTP as a transport protocol and not using WS-Addressing or an ESB, the roles of the interacting parties are fixed. Only one party (the client) can use the services of the other. Developers must use polling instead of notification in these common cases.

Most uses of HTTP as a transport protocol are done in ignorance of how the operation would be modelled in HTTP[citation needed]. This is by design (with analogy to how different protocols sit on top of each other in the IP stack) but the analogy is imperfect (because the application protocols used as transport protocols are not really transport protocols). Because of this, there is no way to know if the method used is appropriate to the operation. This makes good analysis of the operation at the application-protocol level problematic at best with results that are sub-optimal (if the POST-based binding is used for an application which in HTTP would be more naturally modelled as a GET operation).
Tunneling over an inappropriate transport such as HTTP is disingenuous and counter-productive. A firewall attempts to enforce security policy. If the policy states that HTML (over HTTP) is OK but unknown protocols are not, then layering a remote procedure call mechanism through this is not secure and against the security policy. The choices are to use a new, well-known port and request it be opened for SOAP and other remote-invocation mechanisms, or the firewall is forced to get tougher about packet inspection.


Source: wikipedia.org