W3C home > Mailing lists > Public > www-ws-arch@w3.org > December 2003

RE: Annotated List of Specs Related to Web Services

From: Cutler, Roger (RogerCutler) <RogerCutler@chevrontexaco.com>
Date: Fri, 12 Dec 2003 14:12:06 -0600
Message-ID: <7FCB5A9F010AAE419A79A54B44F3718E026F0074@bocnte2k3.boc.chevrontexaco.net>
To: "Newcomer, Eric" <Eric.Newcomer@iona.com>, www-ws-arch@w3.org
OK, I'll merge this in, minus the comments about WS-T and WS-C, where I
don't understand the antecedants.
-----Original Message-----
From: Newcomer, Eric [mailto:Eric.Newcomer@iona.com] 
Sent: Friday, December 12, 2003 12:36 PM
To: Cutler, Roger (RogerCutler); www-ws-arch@w3.org
Subject: RE: Annotated List of Specs Related to Web Services

For the WS-CAF specs there are now a OASIS references:
And for the individual specs:
The primer
WS-CF http://www.oasis-open.org/committees/download.php/4345/WSCF.pdf
WS-TXM http://www.oasis-open.org/committees/download.php/4346/WSTXM.pdf
For the record, we have taken great pains to ensure that these
specifications enhance and extend WS-T and WS-C and do not compete with
them, at least not technically.

	-----Original Message----- 
	From: www-ws-arch-request@w3.org on behalf of Cutler, Roger
	Sent: Fri 12/12/2003 12:13 PM 
	To: www-ws-arch@w3.org 
	Subject: Annotated List of Specs Related to Web Services

	The following annotated list of specs related to Web services
was originally compiled by Roger Cutler.  Paul Denning subsequently
added significantly to the references and organization of the list.  The
annotations are one person's opinions of what is going on, and do not
reflect a consensus of the Working Group, the W3C or anybody's employer.
As will be apparent, some of the annotations reflect the limitations of
what I happen to know about.

	SOAP - Basic messaging spec for Web services. SOAP 1.1 has been
very widely implemented and is part of the WS-I Basic Profile Version
1.0. SOAP 1.2 went to Recommendation status in June, 2003. It does not
seem likely that SOAP 1.2 will be particularly controversial and major
vendors will probably implement it quickly now that it is a
	        Web Services Interoperability Organization, Basic
Profile Version 1.0a, Final Specification, 2003-08-08,
W3C NOTE, SOAP: Simple Object Access Protocol 1.1, 08 May 2000,
	<http://www.w3.org/TR/2000/NOTE-SOAP-20000508/>         W3C,
SOAP Version 1.2 Part 1: Messaging Framework, W3C Recommendation, 24
June 2003, http://www.w3.org/TR/2003/REC-soap12-part1-20030624/
W3C, SOAP Version 1.2 Part 2: Adjuncts, W3C Recommendation, 24 June
2003, http://www.w3.org/TR/2003/REC-soap12-part2-20030624/
	<http://www.w3.org/TR/2003/REC-soap12-part2-20030624/> EbMS -
EbXML Messaging - transport, routing and packaging of business
transactions. Part of the larger ebXML structure, this spec leverages
SOAP 1.1 but adds a number of business-critical capabilities such as
security (roughly at the level of WS-Security, I think) and reliability.
EbMS 1.0 was part of the original ebXML package, ebMS 2.0 is a
significant improvement, currently in "final draft" in OASIS (I think).
In practice it appears that much of the industry uptake of ebXML has
been essentially ebMS as opposed to the higher level portions of the
ebXML package.
	        OASIS, Message Service Specification, Version 2.0, OASIS
ebXML Messaging Services Technical Committee, 1 April 2002,
WSDL - Basic Web services description spec. WSDL 1.1 has been very
widely implemented and is part of the WS-I Basic Profile Version 1.0.
WSDL 1.2 is being developed in the W3C and is in a "middle" stage of the
process. There does not seem to be any particular competition to WSDL
1.2 in other standards organizations and major vendors will probably
implement it quickly once it becomes a recommendation (which will take a
	        W3C, Web Services Description Language (WSDL) 1.1, W3C
Node, 15 March 2001, http://www.w3.org/TR/2001/NOTE-wsdl-20010315
	<http://www.w3.org/TR/2001/NOTE-wsdl-20010315>         W3C, Web
Services Description Language (WSDL) Version 1.2 Part 1: Core Language,
W3C Working Draft, 11 June 2003,
	<http://www.w3.org/TR/2003/WD-wsdl12-20030611>         W3C, Web
Services Description Language (WSDL) Version 1.2 Part 2: Message
Patterns, W3C Working Draft, 11 June 2003,
W3C, Web Services Description Language (WSDL) Version 1.2 Part 3:
Bindings, W3C Working Draft, 11 June 2003,
	<http://www.w3.org/TR/2003/WD-wsdl12-bindings-20030611> EbCPPA -
EbXML Collaboration Protocol Profile and Agreement - The Collaboration
Protocol Profiles (CPPs) and Agreements (CPAs) which define a business
partner's technical capabilities to engage in electronic business
collaborations with other partners, and the technical agreement between
two or more partners to engage in electronic business collaboration.
Version 1.0 was part of the original ebXML package, version 2 has
significant upgrades and was ratified Dec, 2002. Although the CPP/CPA
framework seems very business oriented, I do not know of many (or any,
to be honest) examples of it being used in production.
	        OASIS, Collaboration-Protocol Profile and Agreement
Specification, Version 2.0, OASIS ebXML Collaboration Protocol Profile
and Agreement Technical Committee, 23 September 2002
UDDI (Universal Description, Discovery, and Integration)- Web services
registry. Version 2 adopted 4/2003 has been implemented by a number of
vendors. Version 3, under development, includes new features like
subscriptions/notification, support for digital signatures, keys
assigned by publishers rather than registry providers (which may
facilitate the development of federation), better support for copying of
registry entries between non-replicated registries. UDDI v3 specifies
Schema Centric Canonocalization when using digital signatures.
Implementation of UDDI on the internet has stalled but there is
widespread interest in using UDDI in corporate intranets.
	        OASIS, Universal Description, Discovery and Integration
(UDDI) Version 3.0 Published Specification, 19 July 2002,
OASIS, Universal Description, Discovery and Integration (UDDI) V2.0, 19
July 2002,
OASIS, Schema Centric XML Canonicalization, Version 1.0, 10 July 2002,
<http://uddi.org/pubs/SchemaCentricCanonicalization-20020710.htm> ebXML
Registry Services - - ebeXML registry, provides function along lines
similar to UDDI. Version 2 adopted 12/2001. See also the ebXML Registry
Information Model
	        OASIS, OASIS/ebXML Registry Information Model v2.0,
Approved OASIS Standard, OASIS/ebXML Registry Technical Committee, April
OASIS, OASIS/ebXML Registry Services Specification v2.0, Approved OASIS
Standard, OASIS/ebXML Registry Technical Committee, April 2002,
AS2 - Probably best viewed as an alternative to Web services, AS2 is a
draft spec from the IETF. It has not made it completely through the IETF
process, but it appears to be relatively stable nonetheless. It provides
basic but non-extensible security and reliability features for a payload
that may be a binary file (typically an old fashioned EDI file) or XML.
AS2 seems to be appropriate for simple transactions, particularly those
that can be performed synchronously, but may not lend itself to more
elaborate scenarios. WalMart has provided a huge boost to AS2
implementation by requiring in order to do EDI business with them. See,
for example, discussions in product offerings from Isoft and Sterling
	XML Signature - Digital signature for an XML document, providing
proof of data integrity, message and user authentication. Used by
WS-Security and ebXML security. This is a mature, widely used spec.
	        W3C, XML-Signature Syntax and Processing - W3C
Recommendation, 12 February 2002, http://www.w3.org/TR/xmldsig-core/
	<http://www.w3.org/TR/xmldsig-core/> XML Encryption - Digital
encryption of documents or portions of documents. Recently (12/2002)
finalized, not yet widely used but presumably it will be.
	        W3C, XML Encryption Syntax and Processing - W3C
Recommendation, 10 December 2002,
	<http://www.w3.org/TR/2002/PR-xmlenc-core-20021003/> XKMS - XML
Key Management - Protocols for distributing and managing public keys,
intended for use with XML Signature and Encryption. Work in progress.
Based on XKMS proposal http://www.w3.org/TR/xkms/
	<http://www.w3.org/TR/xkms/>         W3C, XML Key Management
Specification (XKMS) - W3C Note, 30 March 2001,
	<http://www.w3.org/TR/xkms/> WS-CHOR - Web Services Choreography
WSCI, from Sun and others (not MS/IBM), was a major submission but the
working group has received other submissions and has moved significantly
beyond WSCI. Describes the flow of messages exchanged by a Web Service
participating in choreographed interactions with other services.
Considerable overlap with BPEL, but more declarative and oriented toward
message sequencing rather than process description. WS-CHOR is intended
to be a language that allows machines to figure out how to use Web
services, BPEL focuses on how to control Web services.  (See also
http://xml.coverpages.org/bpm.html <http://xml.coverpages.org/bpm.html>
	        W3C NOTE, Web Service Choreography Interface (WSCI) 1.0,
8 August 2002, http://www.w3.org/TR/2002/NOTE-wsci-20020808
	<http://www.w3.org/TR/2002/NOTE-wsci-20020808>         *** W3C
NOTE, Web Services Conversation Language (WSCL) 1.0, 14 March 2002,
	<http://www.w3.org/TR/2002/NOTE-wscl10-20020314/> BPEL - Web
Services Business Process Execution Language business process execution
language which form the necessary technical foundation for multiple
usage patterns including both the process interface descriptions
required for business protocols and executable process models. Based on
BPEL4WS submission from Microsoft, IBM and BEA. WSFL (IBM) and XLANG
(Microsoft) were earlier efforts. Considerable overlap with Web Services
Choreography, but more process oriented. See above.
	        BEA/IBM/Microsoft, Business Process Execution Language
for Web Services, Version 1.0, 31 July 2002,
BEA/IBM/Microsoft/SAP/Siebel, Business Process Execution Language for
Web Services, Version 1.1, 5 May 2003,
	        ***IBM, Web Services Flow Language (WSFL 1.0), May 2001,
***Microsoft, XLANG, 2001,
ebBPSS - ebXML Business Process - Representation and model compatible
with an underlying generic metamodel for business processes, activities,
and collaboration. This is the ebXML version of choreography, and I
think it is simpler than either WS-CHOR or BPEL. Version 1.001 was part
of the original ebXML package, and I think that an OASIS TC is just now
in the process of starting up to work on enhancements. I am not aware of
any significant applications of ebBPSS.
	        OASIS-UN/CEFACT, ebXML Business Process Specification
Schema (BPSS), Version 1.01, 11 May 2001,
	<http://www.ebxml.org/specs/ebBPSS.pdf> WS-Security  Construct
secure SOAP message exchanges, including provision for multiple security
tokens for authorization and authentication, multiple trust domains,
multiple encryption technologies and end-to-end message-level security
(not just transport-level security). Out of scope: multiple message
exchanges, key exchange, establishing and maintaining trust. WS-Security
defines two core capabilities: 1- how to use XML-Signature and
XML-Encryption with SOAP messaging. It specifies how to pass signatures
and key information in a SOAP header. 2- how to pass security tokens
with a SOAP message. WS-Security supports a variety of security tokens
(each defined by its own binding specification), such as
userid/password, X.509 certificates, Kerberos tickets, and SAML tokens.
The WS-Security TC is just starting in OASIS, but major vendors (MS,
IBM) have already implemented the submitted spec.
	        IBM/Microsoft/VeriSign, "Web Services Security
(WS-Security)", 5 April 2002,
IBM/Microsoft/VeriSign, "Web Services Security Addendum", Version 1.0,
18 August 2002, http://msdn.microsoft.com/ws/2002/07/Security/
	<http://msdn.microsoft.com/ws/2002/07/Security/>         OASIS,
Web Services Security,
SAML  Security Assertion Markup Language. Exchanging authorization and
authentication information. Version 1.0 finalized 11/2002. SAML defines
three core capabilities: 1- how to represent security tokens in XML.
These tokens are called assertions, and SAML defines three types of
assertions -- authentication, authorization, and attributes. (attributes
provide qualifying information that constrain the other assertions --
such as spending limits or timing constraints). An assertion is made by
some type of trust authority. 2- a process model for obtaining security
tokens from a trust authority. This includes a set of protocols for
accessing a trust authority. SAML defines two types of trust
authorities: Policy Decision Points (PDPs) and Policy Enforcement Points
(PEPs). SAML has defined bindings for multiple protocols, including
SOAP/WSDL. 3- a set of protocol bindings for conveying SAML tokens. SAML
1.1 defines how to pass SAML tokens for browser applications. It does
not define bindings for how to pass SAML tokens in SOAP messages -- that
is left to WS-Security. It appears that this spec may be getting some
real traction in terms of practical implementations. See, for example,
this auto industry implementation.
	        OASIS, Security Assertion Markup Language (SAML) v1.1,
OASIS Standard, 2 September 2003,
1.1-pdf-xsd.zip>         OASIS, Security Assertion Markup Language
(SAML), v1.0, OASIS Standard, 5 Nov 2002,
1.0-pdf.zip> *** Trust  - 
	        *** IBM/Microsoft/VeriSign/RSA Security, Web Services
Trust Language (WS-Trust), Version 1.0, 18 December 2002,
	<http://msdn.microsoft.com/ws/2002/12/ws-trust/> Reliable
Messaging: A protocol that allows messages to be delivered reliably
between distributed applications in the presence of software component,
system, or network failures by implementing an acknowledgement
infrastructure. There are two major specs that differ in some technical
respects but which by and large implement the same type of
	- Web Services Reliability - OASIS TC. Based on WS-Reliability
submission from Oracle, Sun and others.
	        Fujitsu/Hitachi/Oracle/Sonic/Sun, Web Services
Reliability (WS-Reliability) Ver1.0, 8 Jan 2003,
	<http://www.sonicsoftware.com/wsreliability> -
WS-ReliableMessaging from BEA Systems, Microsoft, IBM, Tibco. Not
currently submitted to any standards body but being implemented
nevertheless by several technology vendors.
	        BEA/IBM/Microsoft/TIBCO Software, "Web Services Reliable
Messaging Protocol (WS-ReliableMessaging)", 13 March 2003,
XACML  XML Access Control Markup Language  Fine-grained access control
to XML documents, including by element, sub-tree, temporal, data
dependent and so on. Here is a brief introduction to XACML. XACL from
IBM, was one of the major submissions for this spec but there were a
number of others and XACML differs substantially from XACL. Spec
finalized 2/2003.
	        OASIS, eXtensible Access Control Markup Language (XACML)
Version 1.0, OASIS Standard, 18 February
df> WS-Transaction Framework - WS-Transaction and WS-Coordination were
originally released by IBM, Microsoft and BEA along with BPEL4WS. These
specifications have recently been updated and revised. The latest set of
specifications for the WS Transaction Framework, published by the same
authors, include an updated WS-Coordination spec, WS-AtomicTransaction
which replaces part 1 of WS-Transaction, and WS-BusinessActivity (still
to be published) which replaces part 2 of WS-Transaction.
WS-Coordination defines the protocols for creating activities,
registering in activities, and transmitting information to disseminate
an activity. WS-AtomicTransaction defines the Atomic Transaction
coordination type, which is appropriate to use when building
applications that require a consistent agreement on the outcome of a
short-lived distributed activity, where strong isolation is required
until the transaction completes. WS-BusinessActivity defines the
Business Activity coordination type, which is appropriate to use when
building applications that require a consistent agreement on the
coordination of a distributed activity, where strong isolation is not
feasible, and application-specific compensating actions are used to
coordinate the activity. It appears to me that the WS-Transaction
Framework and the Web Services Composite Application Framework
(described below) are playing in more or less the same space and are not
obviously compatible. That is, that they are in competition.
	        BEA/IBM/Microsoft, Web Services Coordination
(WSCoordination), September 2003,
BEA/IBM/Microsoft, Web Services Transaction (WS-Transaction), August
2002, http://msdn.microsoft.com/ws/2002/08/wstx/
BEA/IBM/Microsoft, Web Services Atomic Transaction
(WSAtomicTransaction), September 2003,
	<http://ftpna2.bea.com/pub/downloads/ws-at-pub.pdf> Web Services
Composite Application Framework (WS-CAF) - WS-CAF defines a generic
framework for applications that contain multiple services used in
combination (composite applications). It specifies interoperable
mechanisms to set the boundaries of an activity (such as start/end, or
success/failure), to create, access and manage context information, and
to inform participants of changes to an activity. And it supports a
range of transaction models, including simple activity scoping, single
and two phase commit ACID transactions, and recoverable long running
activities. The WS-CAF suite includes three specs published by Arjuna,
Fujitsu, IONA, Oracle and Sun: Web Service Context (WS-CTX ) a
lightweight framework for simple context management, Web Service
Coordination Framework (WS-CF) a sharable mechanism that manages context
augmentation and lifecycle, and Web Services Transaction Management
(WS-TXM) which comprises three distinct, interoperable transaction
protocols that can be used across multiple transaction managers. A new
OASIS TC has recently been created to further develop the WS-CAF

			Arjuna/Fujitsu/IONA/Oracle/Sun, Web Services
Context, 2003-07-28, Version 1.0,

			Arjuna/Fujitsu/IONA/Oracle/Sun, Web Services
Coordination Framework, 2003-07-28, Version 1.0,

			Arjuna/Fujitsu/IONA/Oracle/Sun, Web Services
Transaction Management, 2003-07-28, Version 1.0,

			Arjuna/Fujitsu/IONA/Oracle/Sun, Web Services
Composite Application Framework, 2003-07-28, Version 1.0,

	WS-Policy is a grammar for specifying Web services policy
assertions such as authentication schemes, transport protocol selection,
privacy policy, QoS characteristics. Another Microsoft, IBM, BEA spec,
not submitted yet to any standards body.
	        IBM/Microsoft/BEA/SAP, Web Services Policy Assertions
Language (WS-PolicyAssertions), 18 December 2002,
IBM/Microsoft/BEA/SAP, Web Services Policy Attachment
(WS-PolicyAttachment), 18 December 2002,
IBM/Microsoft/BEA/SAP, Web Services Policy Framework (WS-Policy), 18
December 2002, http://msdn.microsoft.com/ws/2002/12/Policy/
	<http://msdn.microsoft.com/ws/2002/12/Policy/> WS-Addressing -
provides transport-neutral addressing for Web services that work through
firewalls, gateways, etc. Another spec from MS/IBM/BEA, it apparently
replaces WS-Routing. I don't think it has been submitted to any
standards body.
	        BEA/IBM/Microsoft, Web Services Addressing
(WS-Addressing), 13 March 2003,
WS-Federation - A spec for standardizing the way companies share user
and machine identities among disparate authentication and authorization
systems spread across corporate boundaries. Developed by IBM/MS/BEA/RSA,
I think it is at least partly in competition with the ID-WSF from the
Liberty Alliance, discussed below..
	        Web Services Federation Language (WS-Federation),
Version 1.0, July 8, 2003,
WS-Federation: Active Requestor Profile, 08 July 2003,
	<http://www.ibm.com/developerworks/library/ws-fedact/> SPML -
Service Provisioning Markup Language
- framework for exchanging information between provisioning service
points.  Provisioning refers to what happens, for example, when a new
employee shows up and changes are required in corporate LDAP, HR
database and so on.  This spec does not seem particularly controversial,
but there also doesn't seem to be a whole lot of interest in it,
although it has apparently been implemented in the catalyst industry.
	ID-FF - IDentity Federation Framework, from the Liberty
Alliance. Defines an architecture for providing federated network
identity that enables single signon functionality for a user to multiple
service providers. Liberty is a major consortium that does not include
MS or IBM, and the products are more or less in competition with
varioius WS-* specs. I think that ID-FF is more or less along the same
lines as WS-Policy. Submitted to OASIS.
	ID-WSF - IDentity Web Services Framework - Another spec from the
Liberty Alliance, it builds on ID-FF and provides a framework for
identity based web services in a federated network identity environment.
I believe that ID-WSF is pretty much in the same space, and incompatible
with, WS-Federation. Detailed comparison is beyond the scope of this
document, but it appears that both have a number of components for which
there is no comparable function in the other, with Liberty possibly
being the more fully developed. In addition, they have made different
technology choices for similar functions (e.g. ID-WSF Discovery Services
vs UDDI for WS-Federation.
	WSRP - Web Services for Remote Portlets - Intended to provide
"plug-n-play" for portals and other apps that aggregate content.
Recently adopted as an OASIS standard, the players in the interop
testing include BEA, IBM and Oracle. Microsoft, Sun and many others
participated in the TC. This spec seems to have wide industry
participation, but I have no idea how soon to expect implementation.
	        OASIS, Web Services for Remote Portlets Specification,
OASIS Standard, August 2003,
p-specification-1.0.pdf> *** BEA Building Blocks
	The following specs, developed by BEA, are available with clear
Royalty Free (RF) terms.
	        BEA, SOAP Conversation Protocol (SOAP Conversation) 1.0,
13 Jun 2002,
BEA, WS-CallBack Protocol (WS-CallBack), 26 Feb 2003,
BEA, Web Service Acknowledgement Protocol (WS-Acknowledgement), 26 Feb
jsp>         BEA, Web Services Message Data (WS-MessageData), 26 Feb
*** Semantic Web
	DARPA, DAML-S (and OWL-S) 0.9 Draft Release, 2003-05,
	W3C, OWL Web Ontology Language Guide, W3C Candidate
Recommendation 18 August 2003,
	W3C, OWL Web Ontology Language Overview, W3C Candidate
Recommendation, 18 August 2003,
	W3C, OWL Web Ontology Language Reference, W3C Candidate
Recommendation 18 August 2003,
	W3C, OWL Web Ontology Language Semantics and Abstract Syntax,
W3C Candidate Recommendation 18 August 2003,
	W3C, OWL Web Ontology Language Test Cases, W3C Candidate
Recommendation, 18 August 2003,
	W3C, OWL Web Ontology Language Use Cases and Requirements, W3C
Candidate Recommendation 18 August 2003,
	ISO/IEC, Information Technology - Document Description and
Processing Languages, The XML Topic Maps (XTM) Syntax 1.1, JTC 1/SC34
N0398, 2003-04-03, http://www.isotopicmaps.org/sam/sam-xtm/
	<http://www.isotopicmaps.org/sam/sam-xtm/> *** SOAP Attachments
	AT&T/BEA/Canon/Microsoft/SAP/ , SOAP Messages with Attachments,
1 Apr 2003,
	W3C, SOAP Message Transmission Optimization Mechanism, W3C
Working Draft, 21 July 2003,
	IBM/Microsoft, WS-Attachments, 17 June 2002,
	W3C NOTE, SOAP Messages with Attachments, 11 Dec 2000,
	W3C NOTE, SOAP Version 1.2 Message Normalization, 8 October
2003, http://www.w3.org/TR/2003/NOTE-soap12-n11n-20031008/
	<http://www.w3.org/TR/2003/NOTE-soap12-n11n-20031008/> *** SOAP
	IETF, Using the Simple Object Access Protocol (SOAP) in Blocks
Extensible Exchange Protocol (BEEP), RFC 3288,
	<http://www.rfc-editor.org/rfc/rfc3288.txt> *** Secure
	IBM/Microsoft/VeriSign/RSA Security, Web Services Secure
Conversation Language (WS-SecureConversation), Version 1.0, 18 December
2002, http://msdn.microsoft.com/ws/2002/12/ws-secure-conversation/
IBM/Microsoft/VeriSign/RSA Security, Web Services Security Policy
Language (WS-SecurityPolicy), Version 1.0, 18 December 2002,
Received on Friday, 12 December 2003 15:12:19 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:41:09 UTC