- From: <noah_mendelsohn@us.ibm.com>
- Date: Wed, 15 Oct 2003 10:52:30 -0400
- To: Rich Salz <rsalz@datapower.com>
- Cc: Marc Hadley <Marc.Hadley@Sun.COM>, xml-dist-app@w3.org
I haven't picked through all the WSS stuff in detail, but I would guess
that in any case where you would legitimately not want to worry about it,
you could deal with the terminology in a few sentences.
For example (this is not fine tuned, but I think it conveys the idea):
"SOAP 1.1 was expressed in terms of XML 1.0 and made only general
provisions for alternate network transports or for alternate
representations of XML on the wire by the corresponding bindings. SOAP
1.2 makes such capabilities more explicit by modelling the XML Envelope as
an Infoset, and explicitly granting license to bindings to use non-XML 1.x
representations on the wire (e.g. compressed, encrypted, binary-optimized,
etc.) if desired. Except in situations where the differences are
important, this WSS specification makes no explicit distinction between
the SOAP 1.1 and SOAP 1.2 formulations. A reference to a <soap:header>
element, for example, should be understood as referring to the
corresponding Infoset Element Information Item when SOAP 1.2 is being
used."
If there are particular cases where the distinction is important, then you
should of course deal with it explicitly so your users will know how to
use WSS with SOAP 1.1 and SOAP 1.2 respectively. For example, I do
think it would be worth giving some thought to which layers of WSS will
work with approaches such as MTOM, which use the power of the Infoset
formulation to enable certain optimizations.
Speaking just for myself, I see no need for reference to Infoset to
pervade the spec, unless you want it to. I do think you should make the
connection to the SOAP 1.2 formulation, perhaps in the manner suggested
above.
------------------------------------------------------------------
Noah Mendelsohn Voice: 1-617-693-4036
IBM Corporation Fax: 1-617-693-8676
One Rogers Street
Cambridge, MA 02142
------------------------------------------------------------------
Rich Salz <rsalz@datapower.com>
Sent by: xml-dist-app-request@w3.org
10/15/03 10:37 AM
To: Marc Hadley <Marc.Hadley@Sun.COM>
cc: xml-dist-app@w3.org, (bcc: Noah Mendelsohn/Cambridge/IBM)
Subject: Re: Complete WSS Review incl Noah's additions
> *** SOAP 1.2 is XML Infoset based, SOAP bindings are required to
> preserve SOAP message infosets when transferring messages. In order to
> properly integrate with SOAP, the SOAP Message Security specifications
> need to be recast in Infoset terms. This will require the specification
> to normatively state the mapping from XML Infoset to the data object
> (typically an XPath nodeset) used as input to the constituent
> cryptographic operations (e.g. C14N).
Does the WG feel that it's worthwhile to adopt the terminology of SOAP
1.2 yet not adopt its entire Infoset approach? If so, I strongly
suggest that you add something to that effect here. It's good that this
mentions the work that WS-Security would have to do. I am fairly
confident that they will reject this item, so you might want to consider
ways of not forcing them to ignore all the 1.2-related items you raise.
> *** The specification should define the values of the
> Fault/Reason/Text, Fault/Code/Value and Fault/Code/Subcode/Value EIIs.
Suggest you define EII, if only to remind WS-Security folks who have
ignored the Infoset. ;)
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
Received on Wednesday, 15 October 2003 10:54:46 UTC