An Overview of SOAP
SOAP is an XML-based protocol for exchanging information in a decentralized, distributed environment. It was made for Web, a combination of XML and HTTP opens up new options for distributed data exchange and interaction in a loosely coupled web environment. SOAP is a technology that allows XML to move easily over the Web. SOAP does this trough an XML envelope for delivering XML content and specifying a set of rules for services to follow when they receive a SOAP message.
The fundamental change brought about by SOAP has been the ability to move data anywhere across the Web. Before SOAP there were only two main options for moving data between partners.
One was to build a wide area network spanning a broad geographic region and let the partners plug into it. This was the approach taken by EDI, which defined messages and protocols for data transfer but left the network details up to the partners. The result was a collection of networks that pretty much locked the partners in and made it difficult and expensive to reach out to other EDI networks and costly to bring in new partners.
The second approach for moving data between partners was to build a distributed object infrastructure than ran over the internet. This was the approach taken by Common Object Request Broker (CORBA), Remote Method Invocation (RMI) and Distributed Component Object Model (DCOM). The problem was that each had to decide on a protocol that could sit on top of TCP/IP and handle inter object communication. CORBA Chose Internet Inter-ORB Protocol (IIOP), DCOM chose object Remote Procedure Call (ORPC), and RMI chose Remote Method Protocol (JRMP). While this approach reduced the need to share the same underlying network, the drawback was that CORBA could talk to CORBA, RMI to RMI and DCOM to DCOM, but they neither could talk to each other nor directly to the web except through special sockets that required adding extra layers to an already
SOAP the third option, combines the data capabilities of XML with the transport capabilities of HTTP, there by overcoming drawbacks of both EDI and tightly coupled distributed object system such as CORBA, RMI and DCOM.
It does this by breaking dependence between data and transport and in doing so opens up a new era of loosely coupled distributed data exchange.
XML-RPC does remote procedure call over internal to connect different servers.
XML-RPC depends on HTTP to move data from one server to another, it only defines an XML vocabulary that specifies the name of some piece of code to execute remotely and any parameters the code might need.
Skeleton SOAP Message
Faultcode: SOAP defines a set of faultcodes for basic SOAP errors, although an application may provide its own codes.
Faultstring:This element provides a readable explanation as to why the fault occurred.
Detail: The value of the detail element is that it provides information about the problem that occurred
while processing the Body element. If not present, it indicates that the problem did not occur in the body of the SOAP message.
SOAP with Attachments
SOAP delivers not only XML but also other related documents
such as DTDs, schema, Unified Modeling Language diagrams, faxes, public and
private keys and digests that may be related to the XML. SOAP relies on the
existing rules for HTTP attachments to deliver auxiliary data with a primary
SOAP message, allowing a SOAP message to reference the attachments.
The SOAP attachments document defines a binding for a SOAP
message to be carried within a Multi-purpose Internet Mail Extension (MIME)
multipart/related message in such a way that processing rules for the SOAP
message are preserved. The multipart mechanism can be used to bundle entities
related to the SOAP message, such as attachments.
SOAP and Firewalls
SOAP uses port 80 as a double-edged sword. While an open
port 80 makes SOAP messaging possible, it also makes system managers nervous
about incoming SOAP traffic, since SOAP messages traveling on port 80 bypass
the protection afforded by firewalls. SOAP messages can contain XML-RPC
commands to execute code on the server, which requires caution to protect the
server, which requires caution to protect the server from unwanted attacks, the
form of which is difficult to anticipate.
It should be noted that while XML-RPC calls can easily pass through firewalls, XML-RPC distinguishes itself from the other server traffic by including a header element that specifies content type as text/xml. This at least alerts the server and associated firewalls software that XML is being posted to the server.