Authenticating messages RE: Hierarchy etc.

On the hierarchy front, it really is useful to use the extension mechanism,
which actually I discovered I had already used in the spec. This is
particularly important when we get to supporting X-Bulk.

I think it is very important to allow implementations to design the message
reception and authentication handlers in a modular way and avoid unnecessary
code duplication.

There is however a problem with adding signatures into messages by default.
There are only two mechanisms that XML appears to support cleanly:

1) Put a detached signature in the SOAP header

2) Use an enveloped signature in the body of the message:

<complexType name="MessageAbstractType" abstract="true">
	<sequence>
		<element ref="ds:Signature" minOccurs="0"/>
	</sequence>
</complexType>

<complexType name="RequestAbstractType" abstract="true">
	<complexContent>
		<extension base="xkms:MessageAbstractType">
			<sequence>
				<element ref="xkms:RespondWith" minOccurs="0" maxOccurs="unbounded"/>
			</sequence>
			<attribute name="MajorVersion" type="positiveInteger" use="required"/>
			<attribute name="MinorVersion" type="integer" use="required"/>
			<attribute name="ResponseLimit" type="integer" use="optional"/>
			<attribute name="Service" type="anyURI" use="required"/>
		</extension>
	</complexContent>
</complexType>

<complexType name="ResultAbstractType" abstract="true">
	<complexContent>
		<extension base="xkms:MessageAbstractType">
			<sequence>
				<element ref="xkms:Result"/>
			</sequence>
			<attribute name="MajorVersion" type="positiveInteger" use="required"/>
			<attribute name="MinorVersion" type="integer" use="required"/>
		</extension>
	</complexContent>
</complexType>

The problem is that WSDL needs to key off the top level element as
specifying whether an element is a Request or Response method. So burying
the request type one layer down is an own goal.

I prefer to go for (1), although I can live with (2).

		Phill

Received on Wednesday, 6 March 2002 17:30:16 UTC
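
Added example, not part of the original message or of the XKMS spec: what a receiver has to do for option (2), where the ds:Signature sits inside the message it signs and must be taken out before the message is digested. The namespace URI for xkms, the ExampleRequest element name, the sample values, SHA-256, and Python's C14N 2.0 canonicalizer are assumptions made for this sketch.

```python
import base64
import copy
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XKMS = "urn:example:xkms"  # placeholder namespace (assumption)

# Constructed sample: ExampleRequest is a hypothetical concrete request type.
SIGNED_REQUEST = f"""<xkms:ExampleRequest xmlns:xkms="{XKMS}" xmlns:ds="{DS}"
    MajorVersion="2" MinorVersion="0" Service="http://example.test/xkms">
  <ds:Signature><ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>
  <xkms:RespondWith>KeyValue</xkms:RespondWith>
</xkms:ExampleRequest>"""


def strip_enveloped_signature(root):
    """Return a copy of the message with its ds:Signature children removed."""
    root = copy.deepcopy(root)
    prev = None
    for child in list(root):
        if child.tag == f"{{{DS}}}Signature":
            # ElementTree stores the text after an element as its tail;
            # hand it to the preceding node so only the element disappears.
            if prev is None:
                root.text = (root.text or "") + (child.tail or "")
            else:
                prev.tail = (prev.tail or "") + (child.tail or "")
            root.remove(child)
        else:
            prev = child
    return root


def message_digest(xml_text):
    """Digest the message as an enveloped signature's Reference would."""
    stripped = strip_enveloped_signature(ET.fromstring(xml_text))
    canonical = ET.canonicalize(ET.tostring(stripped, encoding="unicode"))
    return base64.b64encode(hashlib.sha256(canonical.encode()).digest()).decode()


if __name__ == "__main__":
    print(message_digest(SIGNED_REQUEST))
```

With option (1) the signature lives in the SOAP header and references the body from outside, so the handler digests the referenced element as it stands and needs no stripping step.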