W3C home > Mailing lists > Public > public-p3p-spec@w3.org > May 2003

Re: [BH] First (Very Rought) Outline of Beyond HTTP

From: Joseph Reagle <reagle@w3.org>
Date: Thu, 15 May 2003 17:22:02 -0400
To: Patrick.Hung@csiro.au, public-p3p-spec@w3.org
Message-Id: <200305151722.02921.reagle@w3.org>

On Thursday 15 May 2003 03:20, Patrick.Hung@csiro.au wrote:
> Hi Joseph, Based on the Registrar2Registry example discussed so far, I
> simply create the SOAP messages as follows:

Ok! Various tweaks to those files are now included in 
  new revision: 1.12
I've also done some re-org, and make sure that all XML is well-formed, and 
most all of it is valid as well -- just haven't check the SOAP messages.

> Again we are trying to introduce an extensible element for SOAP header,
> or you have any other idea.

Not sure, in your message I would read that header as the registrar 
(service) representing the policy associated with data (*transfer* along 
the SOAP exchange) to the registry (recipient service). (There's also a 
question of how the registrar knows the registry's policy which I want to 
explore a little further -- it can be out of band, I just want to document 
the issue)  But in order.xml I included the Privacy element as a child of 
the OrderInfo element, so it's like a "tag" associated with the data (at 
the application layer) for clarity. What does it mean when such a tag is 
provided in a SOAP header versus the actual application data? (We need to 
dig into the semantics of a SOAP envelope.)

> Once we have all these protocols, we can start to discuss about the
> issues of intermediaries and
> ltimate SOAP receiver for the section "Transferring to a third party."

From the reorg perhaps you can see that I wasn't planning on introducing 
another party... Granted, the present scenario isn't a proper "SOAP 3-way 
intermediary" because our first leg was mediated by XForms/HTTP, but I 
think that's ok. The important thing for me is to explore the three 
1. The Scope of the P3P Service Provider and Recipients (given their P3P 1.0 
2. The Scope of Layers and Bindings (HTTP and SOAP) -- I'm pretty confident 
we've ruled WSDL and UDDI as orthogonal/optional.
3. This question of should a privacy "taggit" be in the SOAP header, or with 
the application data, or both? (I don't think "taggit" is a word, but a 
while ago I heard that gunpowder has little identifying particles in it 
that can be used with forensics, and I remembered someone proposing that 
the policy should also "follow" the solicited data. I just can't remember 
the name."

How's that sound? And yes, we've made great progress, we're approaching the 
point where it'd be good to explore the scenario with a web service guru 
who could tell us how confused we are. <smile/>
Received on Thursday, 15 May 2003 17:23:33 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:02:17 UTC