- From: Joseph Reagle <reagle@w3.org>
- Date: Thu, 15 May 2003 17:22:02 -0400
- To: Patrick.Hung@csiro.au, public-p3p-spec@w3.org
On Thursday 15 May 2003 03:20, Patrick.Hung@csiro.au wrote: > Hi Joseph, Based on the Registrar2Registry example discussed so far, I > simply create the SOAP messages as follows: Ok! Various tweaks to those files are now included in http://www.w3.org/P3P/2003/p3p-beyond-http/Overview.html new revision: 1.12 I've also done some re-org, and make sure that all XML is well-formed, and most all of it is valid as well -- just haven't check the SOAP messages. > Again we are trying to introduce an extensible element for SOAP header, > or you have any other idea. Not sure, in your message I would read that header as the registrar (service) representing the policy associated with data (*transfer* along the SOAP exchange) to the registry (recipient service). (There's also a question of how the registrar knows the registry's policy which I want to explore a little further -- it can be out of band, I just want to document the issue) But in order.xml I included the Privacy element as a child of the OrderInfo element, so it's like a "tag" associated with the data (at the application layer) for clarity. What does it mean when such a tag is provided in a SOAP header versus the actual application data? (We need to dig into the semantics of a SOAP envelope.) > Once we have all these protocols, we can start to discuss about the > issues of intermediaries and > ltimate SOAP receiver for the section "Transferring to a third party." From the reorg perhaps you can see that I wasn't planning on introducing another party... Granted, the present scenario isn't a proper "SOAP 3-way intermediary" because our first leg was mediated by XForms/HTTP, but I think that's ok. The important thing for me is to explore the three questions: 1. The Scope of the P3P Service Provider and Recipients (given their P3P 1.0 definitions. 2. The Scope of Layers and Bindings (HTTP and SOAP) -- I'm pretty confident we've ruled WSDL and UDDI as orthogonal/optional. 3. This question of should a privacy "taggit" be in the SOAP header, or with the application data, or both? (I don't think "taggit" is a word, but a while ago I heard that gunpowder has little identifying particles in it that can be used with forensics, and I remembered someone proposing that the policy should also "follow" the solicited data. I just can't remember the name." How's that sound? And yes, we've made great progress, we're approaching the point where it'd be good to explore the scenario with a web service guru who could tell us how confused we are. <smile/>
Received on Thursday, 15 May 2003 17:23:33 UTC