- From: <noah_mendelsohn@us.ibm.com>
- Date: Mon, 14 Oct 2002 14:11:00 -0400
- To: xml-dist-app@w3.org
At the face-to-face on the West Coast at SAS, several us noticed and
began privately discussing what we now believe is a problem that needs
at least some attention in the specification. Specifically, there is
a use case that more or less all of us have come to believe is
important, and for which the specification is at best ambiguous and at
worst incapable of meeting without republication. Several of us have
come up with a proposed resolution that we believe to be
straightforward, low risk, and within the bounds of what we can
reasonably do without going back to last call. I am indebted to Mark
Jones for first pointing this out, and to numerous others including
Henrik and Marc Hadley for helpful discussion and comment. Particular
thanks to Henrik for helping me to refine early drafts of this note.
The responsibility for the formulation in this note, and for raising
this now, is mine.
The Problem
-----------
Among the reasons that we have the "next" role is for headers that
carry information to be available to all downstream nodes. One of the
simplest scenarios would be to have such a header that would travel
with the message, to be available to those nodes that "understand" the
header, and to be ignored and passed on by nodes that do not
understand it. As a simple example, I might want to put in the header
indicating the time at which the message was originally sent. More
substantively, I might wish to put in a digital signature, to be
checked by those who care, and ignored but retained by others.
SOAP 1.2 as proposed cannot support these simple scenarios. Why?
Because section 2.7.1[1] makes clear that a forwarding intermediary
MUST remove from the message all headers targeted to it, and can
trigger reinsertion only by processing and understanding a header. In
the case where you don't understand the header, you must remove it.
It's essential to note that we are considering the case of
mustUnderstand='false'; there is no problem with the 'true' case.
Approaches to Resolving the Problem
-----------------------------------
Discussion of this problem has been going on at a low level for
awhile, in part because some of us have been trying to decide whether
the existing specification can somehow be made to do the right thing.
Given that we are in last call, that would obviously be a desirable
approach. So, here I briefly outline some of the approaches that were
considered, and then in the next section I propose one that seems to
some of us to be the best.
It is tempting to ask whether a user might be able to design specific
headers and/or roles that would meet the need. In other words: if I
define a role and some headers to use with it, then I could say that
you wouldn't assume that role unless you knew the specification for at
least one of the headers, and that specification would implement a
feature to change the relay rules for that role. My personal
conclusion is that this is possible in principle, but would not be
practical when one considers the way that most SOAP software will in
fact be built. Reason: the core rules regarding the relaying of
headers are baked into section 2.7.1, and in practice will often be
implemented by general-purpose SOAP middleware. The key point is that
such middleware will in general be written to treat all user-defined
roles identically. Allowing particular roles to change the relay
rules requires that such middleware have pluggable handlers that key
on specific role names, and this is something that few of us
anticipate doing.
There is another alternative which is also coherent, and indeed is
more powerful than the one proposed below, but which seems to be
overkill and would probably take us back to last call. That
alternative would be to introduce a new attribute for use on header
entries along the lines of relayIfNotProcessed='true'. Thus:
<soap:Header>
<nrm:myHeader role="..any role you like..."
mustUnderstand="false"
relayIfNotProcessed="true">
...
</nrm:myHeader>
</soap:Header>
This seems to work, and has the capability of working with any role.
It just seems like more power and complexity than we need to deal with
the specific use case. If we were to get serious about this proposal,
there would be several details requiring refinement, but for now I am
just suggesting that this is not the direction to go.
Another possibility that has been raised would be to change the
default behavior to be: "leave in place any header entries that are
not processed". Optionally, we could additionally define a
relayIfProcessed override if the group felt it to be worth the
trouble. My impression is that some who have considered changing the
default rules like the idea, but some feel that it doesn't meet a need
to have headers that do indeed disappear when unprocessed. For the
record, I quite like the idea, but (a) am not ready to take the lead in
pushing it in the face of any significant opposition and (b) would not
want to go back to last call if this were deemed a serious change--
I'm not sure it is.
A Proposal
----------
Anyway, having done the above analysis, several of us conclude that:
* The use case is important that we must find a way to meet it
* The draft as written doesn't give explanation of how
* We need a simple, minimally invasive fix to what we have
We propose one new builtin role to be called:
http://www.w3.org/2002/06/soap-envelope/role/relay . In most
respects, this role would be like any other. Any intermediary or
ultimate receiver MAY choose to assume this role. The one significant
difference, and it is one that we believe has to be baked into the
specification from day one (I.e. would be an incompatible change if
made later) is that section 2.7.1 will be changed as follows:
<original>
Forwarding SOAP intermediaries MUST process the message
according to the SOAP processing model defined in 2.6
Processing SOAP Messages. They MUST also remove from
the SOAP message all SOAP header blocks targeted at
themselves, prior to forwarding, regardless of whether
these header blocks were processed or ignored.
In addition, forwarding SOAP intermediaries MUST also
obey the specification for the SOAP forwarding feature
being used. The specification for such a feature MUST
describe the required semantics, including the rules
describing how the forwarded message is
constructed. Such rules MAY describe placement of
inserted or reinserted SOAP header blocks. Inserted
SOAP header blocks might be indistinguishable from one
or more of the header blocks removed above.
</original>
<proposed>
Forwarding SOAP intermediaries MUST process the message
according to the SOAP processing model defined in
2.6 Processing SOAP Messages. In addition, when
generating a SOAP message for the purpose of forwarding,
they MUST:
* For any processed SOAP header block, as well as for
ignored SOAP header blocks targeted to the node
using a role other than
http://www.w3.org/2002/06/soap-envelope/role/relay:
remove the header block prior to forwarding
* Retain all SOAP header blocks that were targeted at
the forwarding node using the role
"http://www.w3.org/2002/06/soap-envelope/role/relay"
but ignored during processing.
In addition, forwarding SOAP intermediaries MUST also obey the
specification for the SOAP forwarding feature being used. The
specification for such a feature MUST describe the required semantics,
including the rules describing how the forwarded message is
constructed. Such rules MAY describe placement of inserted or
reinserted SOAP header blocks. Inserted SOAP header blocks might be
indistinguishable from one or more of the header blocks removed above.
</proposed>
I wish to reiterate that I understand it is late in the last call
process, and that I would strongly prefer that we not do anything that
would delay our progress for weeks or months, just to deal with this
one concern. That said, I think this is a significant use case that
deserves at least some consideration. Thank you.
Noah
[1] http://www.w3.org/2000/xp/Group/2/06/LC/soap12-part1.html#forwardinter
------------------------------------------------------------------
Noah Mendelsohn Voice: 1-617-693-4036
IBM Corporation Fax: 1-617-693-8676
One Rogers Street
Cambridge, MA 02142
------------------------------------------------------------------
Received on Monday, 14 October 2002 20:31:28 UTC