W3C home > Mailing lists > Public > www-ws@w3.org > June 2003

RE: Proposed issue; Visibility of Web services

From: John Colgrave <colgrave@hursley.ibm.com>
Date: Mon, 2 Jun 2003 15:52:31 +0100
To: <www-ws@w3.org>
Message-ID: <004101c32916$98295210$afd51409@T30COLGRAVE>
UDDI V2 already defines the second form, in terms of a discoveryURL.  For
example, you can get IBM's XML document by issuing an HTTP GET using the URL
http://uddi.ibm.com/ubr/uddiget?businessKey=D2033110-3AAF-11D5-80DC-00203522
9C64

 

UDDI V3 generalised this to all the UDDI entities that have a key, not just
the businessEntity.  See [1].

 

In the particular case of UDDI the queries are constrained sufficiently that
there is not much difference between the two forms and I think there is a
1-1 correspondence.

 

1 http://uddi.org/pubs/uddi-v3.00-published-20020719.htm#_Toc42047357

 

John Colgrave

IBM

 

-----Original Message-----
From: www-ws-request@w3.org [mailto:www-ws-request@w3.org] On Behalf Of Jeff
Lansing
Sent: 30 May 2003 23:36
To: www-ws@w3.org
Subject: Re: Proposed issue; Visibility of Web services

 

The problem I was trying to solve was to make a constructive proof that the
visibility of SOAP (over GET or over POST, either way) was the same as the
visibility as GET with parameters. What matters to the proof is that there
exists some such encoding; the one that you created will do as well as any
other.

More interesting is the point that Allan just made. Prescod actually says
that we can "make a businessEntity an XML document addressable at a URI
like" <http://www.uddi.org/businessEntity/ibm.com>
http://www.uddi.org/businessEntity/ibm.com" or perhaps
"http://www.uddi.org/getbusinessEntity?ibm.com". The difference between
these two is subtle and does not have many technical implications so let's
not worry about it." 

But let's do worry about it, because there is a real difference in
visibility here. We can show that there cannot be a 1-1 correspondence
between things of these two forms by arguing as follows. For any set of
things of the first form (the "?"-free form) that you give me, I can
construct a bigger set of things of the second form.
Here's one fairly stupid way to do that. Say you give me these n = 2 things
of the first form:

http://www.uddi.org/businessEntity/ibm.com
http://www.uddi.org/businessEntity/bea.com

Then I will give you back these things 2**n - 1 = 3 things of the second
form:

http://www.uddi.org/getbusinessEntity?ibm.com
http://www.uddi.org/getbusinessEntity?bea.com
http://www.uddi.org/getbusinessEntity?ibm.com&bea.com

Of course there are really a whole lot more things of the econd form.
Intuitivily, it seems that the second form is free -- the requestor can
supply anything she wants for the variable part, including, you know, the
secret key to the trapdoor, or whatever -- while the first form is bound.

Jeff


David Orchard wrote:



Jeff,

 

I created such a thing about a year ago [1].  This doesn't really solve the
problem that is at the heart of the propose issue, which is the heavy use
that SOAP applications make of bindings to HTTP POST instead of GET.  Some
people think that POST should be avoided because it requires specific
configuration, ie the Xpath expression, for what to look for in a message
instead of simply the HTTP method and URI.  It's really a question of scale
of visibility versus simplicity across multiple protocols and applications.

 

Cheers,

Dave

 

[1] http://www.w3.org/2001/tag/doc/ws-uri.html

-----Original Message-----
From: www-ws-request@w3.org [mailto:www-ws-request@w3.org]On Behalf Of Jeff
Lansing
Sent: Friday, May 30, 2003 11:55 AM
To: www-ws@w3.org
Subject: Re: Proposed issue; Visibility of Web services

Hi,

There was a long discussion about the relative "visibility" of HTTP vs SOAP.
There seemed to be a tendency to believe that HTTP GET was the most
"visible" of all.

Now any SOAP message can be encoded as a HTTP GET, with "?" and "&"s.

Here's one way. Make XPath expressions for all the content in the SOAP
message, for example:

soap:Envelope/soap:Body/m:GetStockPrice/m:StockName

URL encode these expressions (not shown here). Then make a parameter:

soap:Envelope/soap:Body/m:GetStockPrice/m:StockName=IBM

Then string all the parameters together with ampersands.

This (with a few more tricks for namespace definitions and attributes) is a
linear encoding of all of the information in the SOAP message into a GET
request. No more and no less. So how can it be claimed that there is a
difference in "visibility" between the two?

Jeff


Mark Baker wrote:



On Thu, May 29, 2003 at 12:28:46PM -0400, Christopher B Ferris wrote:
  

I guess I just don't know what you think a "generic" intermediary is then. 
Give me an example
of a generic HTTP intermediary that does not have a specific role(s) like 
caching.  If my cache example
is not generic, I don't know what is. You seemed to have simply ignored 
that aspect of
my previous message. Was my example not "generic" by your standards?
    

 
No, at least not for the purposes of doing the apples-to-apples
visibility comparison.  I was trying to emphasize that HTTP defines
many application layer features, while SOAP does not.  That may seem
obvious and non-important, because SOAP may have lots in the future, but
that's really the point; it doesn't have them now, so a SOAP
intermediary developed with no knowledge of them has no visibility into
a transaction that uses them (outside of knowing that it doesn't know
what they mean, ala mustUnderstand).
 
Mike has said that SOAP firewalls will be going to market soon.  What
SOAP applications will they understand?  Will those firewalls be
upgraded for every new extension that comes along?  Because that's the
only way will they have similar visibility into SOAP transactions that
HTTP intermediaries developed today will have into HTTP transactions
executed 10 years from now.
 
BTW, I would *really* appreciate a response to this;
 
  

A SOAP+E intermediary would have *excellent* visibility into an
interaction between a client and server using those extensions, right?.
For example, if it had hardcoded-in knowledge of WS-Transaction, then it
could sit between a client and server coordinating a transaction, and
be able to follow along quite well; far better than it could if
something other than a transaction was being coordinated.  Agreed?
 
So can you see my point?  HTTP is at the same layer as WS-Transaction;
both are application layer coordination languages.
      

 
MB
  

 

 
Received on Monday, 2 June 2003 12:08:44 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:25:43 GMT