Oh, what a tangled web...
DotSec professionals are increasingly supporting the design, deployment and review of web services. Interestingly however, the term "web services" is often used inconsistently, and its meaning often depends upon the situation and the person using the term.We attempt to use the following two terms consistently:
- The term, "web applications" describes applications that use HTTP as the (application-layer) transport protocol, and whose operations have no other semantics aside from those defined by the POST, PUT, DELETE and GET HTTP methods. Accordingly, "web applications" often have human clients who interact with the application using a web browser; the application itself is usually based on a web server, servlet engine, etc., but may also include a middle tier (based on J2EE, CORBA or .Net, for example) and a data tier.
- The term, "web services" describes applications that also use HTTP as the (application-layer) transport protocol, but whose operations have application-dependent semantics in addition to those defined by the POST, PUT, DELETE and GET HTTP methods. "Web services" do not usually have human clients, although a human user may be the original initiator of some action (such as a HTTP POST) that results in the subsequent invocation of the web service method.
[Continue > ]
[ < Back to Services]