In this Cyrpto-Gram:
Microsoft has made so many empty claims about their security processes — and the security of their processes — that when I hear another one I can’t help believing it’s more of the same flim-flam.
Of course, later on he says Implementation of Microsoft SOAP, a protocol running over HTTP precisely so it could bypass firewalls, should be withdrawn. I think that Dave Winer would have something to say about this. There is no such thing as “Microsoft SOAP” and there are SOAP implementations that don’t rely on Microsoft software. (The wonderful SOAP::Lite is an awesome example.) Yes, the designers of SOAP shouldn’t think that SOAP is great because it can get past firewalls. It can’t. I couldn’t get out of the Navy’s firewall with SOAP when I was at the JRB and they allowed HTTP.
But, SOAP is great for other reasons. The “S” stands for “Simple” and, often, it is.
But I forgive Bruce Schneier (yes, I know, how magnanimous of me) for his overreaching on SOAP because of this great quote later on about Oracle:
“Unbreakable” has a meaning. It means that it can’t be broken. It doesn’t mean “Unbreakable, except by people who know how to break things.”