I often see discussions comparing REST versus SOAP.
REST interactions are usually handled by the Web Server while by definition Web Services using SOAP are initial requester to ultimate provider interactions and the proxies and intermediate servers should be transparent. This is particularly true when using WS-Security with Signature and Encryption as only the destination application should decrypt and verify signature.
The following picture shows the SOAP and REST interaction on an OSI layer representation. See below this picture how to get both of both worlds using the WS-Transfer standard.
Now there is an easy way to get best of both worlds which is to use WS-Transfer standard where the payload is Resource Centric.
You can then get the benefit of the full protection and end to end encryption and signatures that do not stop at Web Server and get the flexibility of a Resource Centric approach.
WS-Transfer is recommended by several governments and organizations such as PEPPOL Pan European Procurement Online Protocol
- Resources factories
2 operations to send and receive representation of a resource
2 operations for creating and suppressing a resource and its corresponding representations