[Issue 165] Re: What happened about HTTPS in the HTTP binding? from Hugo Haas on 2004-07-23 (www-ws-desc@w3.org from July 2004)

From: Hugo Haas <hugo@w3.org>
Date: Fri, 23 Jul 2004 13:49:56 +0200
To: Jonathan Marsh <jmarsh@microsoft.com>, www-ws-desc@w3.org
Message-ID: <20040723114956.GD14776@w3.org>

* Hugo Haas <hugo@w3.org> [2004-07-23 12:07+0200]
> I remember that we allowed HTTPS in the HTTP binding. The introduction
> actually says so. Am I correct?
> 
> However, this is the only place where the term HTTPS appears, so
> something is missing.
> 
> Anybody remembers what was decided?

Actually, I found the following:

  Issue 165: HTTPS support

  Closed 5/20/2004 FTF. Will add http:authenticationType and
  http:authenticationRealm to endpoint.

  0. http://www.w3.org/2002/ws/desc/2/06/issues.html#x165

I would like to confirm my understanding of the issue — the issue
about issue 165 —:

- rereading Youenn's original email[5], issue 165 seems to be more
  about basic authentication than about HTTPS; this would explain the
  resolution recorded, and also the fact that the 2004-05-20
  minutes[1] do not mention HTTPS at all except to say that the issue
  is closed, and that Dave's proposal[2] which was discussed doesn't
  mention HTTPS either.

- HTTPS was supposed to be addressed by looking at the URI scheme; I
  remember it being like that in an old draft[6], it is mentioned and
  isn't challenged in Youenn's email[5]; I believe that, because of
  the reuse of {http location} in the SOAP binding, HTTPS would also
  be supported by the SOAP binding; my interpretation also seems to be
  confirmed by a comment made by Jonathan the following day[3]:

    Jmarsh:   Maybe it is about changing the uri scheme on a per 
       operation basis? http and https?

  I think that it disappeared from the draft by mistake.

So I think that we need to do two things:
1. retitle issue 165 to say: HTTPS and Authentication support
2. put back in the draft the handling of HTTPS based on the URI scheme,
   with some text like in [6].

I am afraid that if we don't do (2), we will have to reopen issue 165.

(1) is just to be able to understand what 165 was about.

Jonathan, all, does that make sense? If so, I'll put it back in the
draft.

Regards,

Hugo

PS: I had a look at HTTPS discussions in the archive[4], and it seems
that the 2004-05-20 minutes is the last time the word HTTPS shows up.

  1. http://lists.w3.org/Archives/Public/www-ws-desc/2004May/0074.html
  2. http://lists.w3.org/Archives/Public/www-ws-desc/2004May/0053.html
  3. http://lists.w3.org/Archives/Public/www-ws-desc/2004May/0073.html
  4. http://www.w3.org/Search/Mail/Public/search?keywords=HTTPS&hdr-1-name=subject&hdr-1-query=&index-grp=Public__FULL&index-type=t&type-index=www-ws-desc
  5. http://lists.w3.org/Archives/Public/www-ws-desc/2004Mar/0304.html
  6. http://www.w3.org/2004/01/21-httpbinding.html#origin
-- 
Hugo Haas - W3C
mailto:hugo@w3.org - http://www.w3.org/People/Hugo/

Received on Friday, 23 July 2004 07:50:59 UTC