W3C home > Mailing lists > Public > www-xkms@w3.org > April 2002

Re: Requirements Last Call: HTTP Bindings

From: Yassir Elley <yassir.elley@sun.com>
Date: Fri, 19 Apr 2002 15:04:39 -0400
Message-ID: <3CC06A47.53CA0430@sun.com>
To: Blair Dillaway <blaird@microsoft.com>
CC: www-xkms@w3.org
Hi Blair,

Comments below.

Blair Dillaway wrote:

> 2. If you check the SOAP 1.1 Note submission to the W3C you will find
> the submitters have provided for royalty-free use of any IP incorporated
> in the spec.

I checked the SOAP 1.1 Note submission (at www.w3.org/Submission/2000/05).
While some of the submitters seem to be offering RF (royalty-free) terms, others
are clearly offering RAND (reasonable and non-discriminatory) terms. Is there
an updated URL I should be looking at?

>
> 3. XML-P has been making very good progress on SOAP 1.2 so we should
> probably discuss the viability of moving to a SOAP 1.2 binding at the
> upcoming f2f.  This may still be premature.

We should certainly discuss this.

>
> 4. SOAP over HTTP is probably the most widespread use of SOAP.  So a
> SOAP binding already tells one how to use HTTP.  If you mean something
> else then there would need to be a description of how the XKMS message
> payloads are carried over HTTP POST.  I don't see the value in creating
> another XML-based message description that isn't SOAP.  I think it
> obvious that we can't use HTTP GET.

Yes, I was proposing specifying how the XKMS message payloads are carried
over HTTP POST. Again, the value would be for clients who are for some reason
not able (for performance reasons) or not willing (for migration reasons) to deal
with SOAP (even over HTTP) but are able and willing to deal with HTTP directly.

I guess a more general question is whether XKMS is SOAP-agnostic.
When the Requirements state in 2.4.10 that "SOAP 1.1 need not be
the only binding defined, but is required", what does that mean? My interpretation
is that it means we are NOT requiring people to use SOAP, but that is the
only binding we happen to be providing and therefore the only one that is standard.
If we are indeed SOAP-agnostic, as 2.4.10 seems to indicate, then we should not
really be relying on any of the capabilities of SOAP and using SOAP-SEC should not
have even been an option when we were discussing payload security.

Anyway, I think we should discuss this and clarify this at the F2F.

-Yassir.

>
> Blair
>
> -----Original Message-----
> From: Yassir Elley [mailto:yassir.elley@sun.com]
> Sent: Tuesday, April 16, 2002 2:04 PM
> To: www-xkms@w3.org
> Subject: Requirements Last Call: HTTP Bindings
>
> The requirements clearly state that the "specification MUST provide a
> binding to SOAP 1.1 (2.1.4). Later, we say that "SOAP 1.1 need not be
> the only binding defined, but is required." (2.4.10)
>
> I assume this means that we are not requiring people to use SOAP 1.1 as
> a communications protocol, but essentially that is the only one whose
> binding we are specifying, so that is the only one that people will be
> able to rely on using interoperably.
>
> I propose adding a requirement that the specification MUST also provide
> a binding to HTTP. HTTP is certainly a widely supported communications
> protocol and there may be many devices that can deal with HTTP, but not
> with SOAP (such as constrained devices). Additionally, HTTP is not
> encumbered with any patents. Although I believe XML Protocol is being
> offered on a royalty-free basis, I don't think the same can be said for
> SOAP 1.1 (or WSDL for that matter).
>
> -Yassir.
>
> PS: Sorry about the late comment, but I believe Stephen said we would
> accomodate Last Call comments for a couple of days after April 15.
Received on Friday, 19 April 2002 15:07:13 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:39:16 GMT