Request/response trickery

From Don Park, a description of how Skype fools firewalls into allowing inbound messages by convincing the firewall that the request is actually a response to a previously sent request.

Feels sort of like SAML's PAOS (SOAP backwards) binding, in which

1. The client requests a service using an HTTP request.
2. The service provider responds with a SAML authentication request. This is sent using a SOAP request, carried in the HTTP response.
3. The client returns a SOAP response carrying a SAML authentication response. This is sent using a new HTTP request

Tags: Skype, SAML, PAOS