Saturday, December 16, 2006

Request/response trickery

From Don Park, a description of how Skype fools firewalls into allowing inbound messages by convincing the firewall that the request is actually a response to a previously sent request.

Feels sort of like SAML's PAOS (SOAP backwards) binding, in which:
  1. The client requests a service using an HTTP request.
  2. The service provider responds with a SAML authentication request. This is sent using a SOAP request, carried in the HTTP response.
  3. The client returns a SOAP response carrying a SAML authentication response. This is sent using a new HTTP request.
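
The three steps above, as an added example that is not part of the original post and not taken from any SAML library: a toy in-memory service provider and client. The class and function names are hypothetical, message content is constructed, and signature validation is omitted; the point shown is the `InResponseTo` check that ties the reversed response to a request the service provider actually issued.

```python
import secrets
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
PAOS_CT = "application/vnd.paos+xml"  # media type used by the PAOS binding

def soap_wrap(child):
    """Put one SAML protocol element inside a SOAP Envelope/Body."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    ET.SubElement(env, f"{{{SOAP}}}Body").append(child)
    return ET.tostring(env)

def soap_unwrap(data):
    """Return the first element carried in the SOAP Body."""
    return ET.fromstring(data).find(f"{{{SOAP}}}Body")[0]

class ServiceProvider:  # hypothetical toy SP, no signature checks
    def __init__(self):
        self.pending = set()  # IDs of AuthnRequests still awaiting an answer

    def handle_get(self):
        """Steps 1-2: the HTTP *response* carries a SOAP *request*."""
        req_id = "_" + secrets.token_hex(16)
        self.pending.add(req_id)
        authn = ET.Element(f"{{{SAMLP}}}AuthnRequest", ID=req_id)
        return 200, {"Content-Type": PAOS_CT}, soap_wrap(authn)

    def handle_post(self, body):
        """Step 3: the new HTTP *request* carries the SOAP *response*."""
        resp = soap_unwrap(body)
        ref = resp.get("InResponseTo")
        if resp.tag != f"{{{SAMLP}}}Response" or ref not in self.pending:
            return 403  # unsolicited or replayed: nothing outstanding to answer
        self.pending.discard(ref)  # single use, so a replay is rejected
        return 200

def client_answer(paos_body, in_response_to=None):
    """Client side of step 3; in_response_to overrides the ID for the demo."""
    ref = in_response_to or soap_unwrap(paos_body).get("ID")
    resp = ET.Element(f"{{{SAMLP}}}Response",
                      ID="_" + secrets.token_hex(16), InResponseTo=ref)
    return soap_wrap(resp)

def demo():
    sp = ServiceProvider()
    _status, _headers, body = sp.handle_get()
    solicited = client_answer(body)
    unsolicited = client_answer(body, in_response_to="_constructed-unknown-id")
    # unsolicited response, solicited response, replay of the solicited one
    return [sp.handle_post(unsolicited), sp.handle_post(solicited),
            sp.handle_post(solicited)]
```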
