Re: [i95, i22] - Proposal for clarifying use of SOAPAction from Martin Gudgin on 2001-05-01 (xml-dist-app@w3.org from May 2001)

From: Martin Gudgin <marting@develop.com>
Date: Tue, 1 May 2001 14:37:32 +0800
To: "Williams, Stuart" <skw@hplb.hpl.hp.com>, <frystyk@microsoft.com>
Cc: <xml-dist-app@w3.org>
Message-ID: <006d01c0d209$35486750$7fbd598f@greyarea>

I'm a bit late to this thread but here's my input;

I seem to remember in SOAP 1.0 that the value of the SOAPAction *had* to be
the namespace URI + # + localname of the first child element of the Body.
This was I *thought* done to allow firewalls etc. to figure out ( broadly )
what the message was attempting to do and filter accordingly. All the SOAP
impls I've written have checked that the SOAPAction matches the first child
of the Body and if it doesn't throw a fault.

In SOAP 1.1 this requirement was relaxed ( it became more
vague/woolly/underspecified ( delete as appropriate )). Why?

Gudge

----- Original Message -----
From: "Williams, Stuart" <skw@hplb.hpl.hp.com>
To: <frystyk@microsoft.com>
Cc: <xml-dist-app@w3.org>
Sent: Friday, April 27, 2001 6:02 PM
Subject: RE: [i95, i22] - Proposal for clarifying use of SOAPAction


> Henrik,
>
> > -----Original Message-----
> > From: Henrik Frystyk Nielsen [mailto:frystyk@microsoft.com]
> > Sent: 25 April 2001 20:10
> > To: xml-dist-app@w3.org
> > Cc: soapbuilders@yahoogroups.com
> > Subject: [i95, i22] - Proposal for clarifying use of SOAPAction
> >
> >
>
> <snip/>
>
> > If a SOAP HTTP request is required but no SOAPAction header field is
> > present then the server SHOULD use a 425 (SOAPAction Required) status
> > code (*).
>
> <snip/>
>
> > *) We have to check that 425 is free (it is intended as a new status
> > code). The reason for using a new status code is that there is currently
> > no mechanism for indicating that SOAP HTTP requests are  expected and
not
> > just POST of any old data (including SOAP messages without SOAPAction
> > header field). There are no existing status codes that cover this case
> > and SOAP/1.1 is silent on the issue.
> >
> > Comments?
>
> I think I'd prefer to see some generic name for a 425 like error code eg.
> (Header Required by Context Missing) in this case the context is SOAP. If
> there is no existing HTTP error code that can be leveraged to indicate the
> absense of a required SOAPAction header then maybe we need to ask for one
to
> be assigned - but i think it would need to be justified on the basis of
more
> general utility to the sorts of things layered above HTTP.
>
> It seems a little awkward to me from a spec. maintenance POV that a change
> to the spec. of the SOAP/HTTP binding cascades a change in the HTTP spec.
It
> probably also sets a bad precident for other protocols layered over HTTP
to
> request/require error/status codes to suit their one specific purposes.
>
> > Henrik
> >
> > [1] http://www.w3.org/2000/xp/Group/xmlp-issues#x95
> > [2] http://www.w3.org/2000/xp/Group/xmlp-issues#x22
>
> Regards
>
> Stuart

Received on Tuesday, 1 May 2001 02:39:05 UTC