An organization is creating a set of new services that are critical for their business. The project team prefers using REST for all services but is willing to use SOAP with common WS-* standards if a particular service requires it.
What requirement would drive the team to use SOAP/WS-* for a particular service?
SOAP would be used if the service must secure the service, requiring all consumers to submit a valid SAML token. While REST can potentially support SAML tokens, SOAP with WS-Security standards is more robust and well-established for handling such security requirements. Therefore, in scenarios where strict security protocols like SAML tokens are mandatory, SOAP would be the preferred choice.
REST – Assumes the application deals with communication failures via application retries SOAP with WS-ReliableMessaging – Builds acknowledgement/retry logic into the communications stack – Can provide end-to-end reliability through one or more SOAP intermediaries
Sounds like B is the most appropriate Because WS-ReliableMessaging includes acknowledgment and retry as part of the protocol A. SAML is “possible” with REST C. Specifications and formats can be provided in REST D. No restriction for XML/REST
A. SAML will force SOAP. SAML with REST specifications are still in approval process. SOAP WS Standards with SAML are quite well understood and used. Cannot be D because REST also has a schema that request response should adhere to. Just different format than XML Schemas. D would not mandate SOAP.
A. Must secure the service, requiring all consumers to submit a valid SAML token
It is more closure to D.
My answer is A. WS Security can be implemented using SAML. https://www.ibm.com/docs/en/app-connect/11.0.0?topic=security-ws