The SOAP protocol links internet applications 
running on a wide variety of platforms, using XML messages.  
It delivers functionality like that of remote procedure calls 
(RPC) but much less efficiently.  
Microsoft supports the use of DCOM, 
its primary protocol for inter-application communication, over SOAP.  
SOAP can use (be 'bound' to) a variety of underlying protocols. 
The original (and still in 2004 most prevalent) binding was to HTTP.

As a Microsoft source puts it in [2413],
"Remote objects can give a program almost unlimited power over the Internet, 
but most firewalls block non-HTTP requests. 
SOAP .... gets around this limitation to provide 
intraprocess communication across machines."

[2413]
http://www.microsoft.com/mind/0100/soap/soap.asp
SOAP: The Simple Object Access Protocol
Aaron Skonnard








Bruce Schneier analyzes a Microsoft rationale for SOAP [0987] as follows [2413].
"Those pesky firewalls prevent applications from sending commands to each other, 
so SOAP lets vendors hide those commands as HTTP so the firewall won't notice."

A serious enclaving policy will not allow SOAP and its outward use
should be identifiable as HTTP exfiltration.

[0987] 
CRYPTO-GRAM
June 15, 2000
by Bruce Schneier
Founder and CTO
Counterpane Internet Security, Inc.
schneier@counterpane.com
http://www.counterpane.com