W3C home > Mailing lists > Public > www-ws-arch@w3.org > October 2002

RE: Potential issue around ws-security and wsdl definitions

From: David Orchard <dorchard@bea.com>
Date: Thu, 24 Oct 2002 15:59:38 -0700
To: <www-ws-arch@w3.org>
Message-ID: <00ca01c27bb1$0842f970$2d0ba8c0@beasys.com>

Here's my latest wording, based upon our consensus that we should say
something and Hal's input.

Dear OASIS WS-Security TC,

The W3C Web Services Architecture Working Group would like to express it's
concern around the lack of WSDL definitions for WS-Security elements in the
first version of the WS-Security product.  As a best practice, members of
the
web services architecture group believe that WSDL definitions should be part
of any specification of SOAP Modules.  We would like to encourage the
WS-Security group to take up this piece of work in the first version of it's
product.  It appears that the issue is not so much the "goodness" of such a
thing, rather the timing is the issue.  There are a variety of rationale for
including description in v1: 1) To ensure that the runtime aspects can be
described in a reasonable manner - it would be unfortunate if some headers
were difficult to describe in wsdl; 2) To promote interoperability - bodies
such as W3C and WS-I believe that interoperable descriptions are a
requirement to interoperability.

We were made aware of the significant range of possible description.  We
don't
think it appropriate to venture into your domain and make a recommendation
as
the extent of descriptions that should be provided - such as trusted
authorities, etc.
However, it is of our opinion, though we could easily be mistaken, that a
simple
description of the required WS Security elements in a given message is
probably
doable in a reasonably short time frame.  We are certainly not advocating a
large
(year or more) delay in schedule.

On behalf of the W3C Web Services Architecture Working Group,
Dave Orchard


> -----Original Message-----
> From: www-ws-arch-request@w3.org [mailto:www-ws-arch-request@w3.org]On
> Behalf Of David Orchard
> Sent: Wednesday, October 16, 2002 8:36 AM
> To: www-ws-arch@w3.org
> Subject: Potential issue around ws-security and wsdl definitions
>
>
>
> Hi all,
>
> I wanted to potentially raise an issue around liaison with oasis
> ws-security.  ws-security does not currently provide wsdl
> definitions for
> the security elements exchanged.  There is a discussion list around
> describing qualities of service.  I think it would be a good
> thing to ask
> oasis ws-security tc if they could provide wsdl definitions
> as part of their
> v1 output.  Obviously this is a very delicate area, and we
> don't want to
> annoy them.  If there isn't a strong majority within our group, then I
> wouldn't want to proceed either.  This certainly appears to be an
> architectural area.  It appears the key issue is around
> timing of when to
> provide description - either at the same time as the soap
> definitions or
> later.
>
> I think this is also a "web service spec" best practice - Descriptions
> should be provided at the same time as runtime extensions.
>
> Some potential wording suggestion
>
> "Dear OASIS WS-Security TC,
>
> The W3C Web Services Architecture Working Group would like to
> express it's
> concern around the lack of WSDL definitions for WS-Security
> elements in the
> first version of the WS-Security product.  We would like to
> encourage the
> WS-Security group to take up this piece of work in the first
> version of it's
> product.  It appears that the issue is not so much the
> "goodness" of such a
> thing, rather the timing is the issue.  There are a variety
> of rationale for
> including description in v1: 1) To ensure that the runtime
> aspects can be
> described in a reasonable manner - it would be unfortunate if
> some headers
> were difficult to describe in wsdl; 2) To promote
> interoperability - bodies
> such as W3C and WS-I believe that interoperable descriptions are a
> requirement to interoperability.
> "
>
> Cheers,
> Dave
>
>
>
Received on Thursday, 24 October 2002 19:04:24 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:25:09 GMT