views:

190

answers:

2

Hi guys, I would like to ask you for your opinion. It's about solution for our new project. see the details below.

Problem summary - our webapp integrated into client website, as simple as possible integration - need technology independent on environment, possibly only xml, html, javascripts - most of data provided by web services on our side (we are using Net 2.0 or 3.5) - keep security on high level,it includes payments (we are using https as minimum) - no data saved on client side (saved on our side in db), except some config data

So what you think... - Is good idea that we use only web services? - Should we use some kind of remoting (e.g CSLA objects)? then we depends on technology (Net, csla), don't we? - Can we assure enough security as we deal with online payments (e.g. PayPal)?

Any constructive comments most welcome and appreciated.

Cheers, X.

+1  A: 

Use XML/JSON for data interchange to avoid platform lock-in of RPC/Remoting.

Consider using REST web-services instead of SOAP to keep read-only operations as simple as possible.

Keep the payments processes separate to be able to offer basic services without SSL.

Tahir Akhtar
+1  A: 

I would not use REST since is not as secure, unless you're not transmitting sensitive data. I would use SOAP based web-services over SSL for the payment processing.

Ricardo Villamil
Can you elaborate a bit on what makes SOAP more secure than REST. SSL can be used with both REST and SOAP alike.
Tahir Akhtar
http://www.vordel.com/downloads/rsa_conf_2006.pdf
Ricardo Villamil