I cannot understand the 'SOAP and Security' discussion. Of course you can use SOAP with HTTP as transport to get through a firewall and it's stupid to make such a fuss about it. When you allow a system behind a firewall to communicate with arbitrary systems outside of the protected network, you can not limit its communication. SOAP just makes it easier for the average programmer to do this, but you can achieve the same thing with REST, emails or even DNS. A firewall may make it a little bit more inconvenient for a user to connect to the outside, for example you can prevent them from using Real Audio apps by blocking the appropriate ports. But if they really want to, they can - theoretically - stream the data over an DNS tunnel.
Beside monitoring, the only good reasons for a firewall are to
- block incoming connections to some or maybe even all ports, in order to prevent access to systems and/or protocols that the admin does not want to expose (e.g. X11, NFS, printers).
- in the case of application firewalls: make sure that no currupted data is sent, to exploit things like buffer overflows, and maybe to limit the capabilities of the protocol. For example an application firewall could prevent POST requests in HTML. This could be used to 'cripple' the server and turn off unused functionality that may be exploited otherwise. It's just another form of risc reduction.
- Block outgoing connections to ports, in order make it
inconvenient for users in the secure net to use certain
apps. This is more about telling users what they are allowed
than actually preventing it, unless you block all ports.
SOAP itself is not dangerous, and the code that handles SOAP requests is not more dangerous than any CGI script. The input and output just have a more restricted form which should make it rather more secure.
krfb/krdc: After the failure of the windows vncviewer port attempt I tried to port the UNIX vncviewer, with much more success. The thing, now called 'KDE Remote Desktop Connection' or krdc, is not very far from being complete. I am currently working on the fullscreen mode...