W3C home > Mailing lists > Public > public-ws-addressing@w3.org > November 2004

Re: Using attributes to mark RefProp's and RefParam's

From: Marc Hadley <Marc.Hadley@Sun.COM>
Date: Mon, 29 Nov 2004 11:11:57 -0500
To: Christopher B Ferris <chrisfer@us.ibm.com>
Cc: public-ws-addressing@w3.org, Martin Gudgin <mgudgin@microsoft.com>, public-ws-addressing-request@w3.org, Rich Salz <rsalz@datapower.com>
Message-id: <64707BC4-4221-11D9-A193-000A95BC8D92@Sun.COM>

On Nov 25, 2004, at 11:11 AM, Christopher B Ferris wrote:
> Ok, let's say I have a gateway that serves as the external facing 
> endpoint
> for all of my internal services, which are hidden behind a firewall.
> I could expose an EPR that has the wsa:Address URI of my external 
> gateway
> and include ref prop(s) that are targetted at the soap:role of
> http://example.org/gateway which is the role of my Gateway. It knows 
> only
> to look for an element <gw:RouteTo> or something like that, of type
> xs:anyURI with a
> soap:MustUnderstand='true', and forwards the message to that URI, which
> could
> be an HTTP URI or possibly a URI for a WebSphereMQ queue from which the
> service endpoint will dequeue messages to be processed (asynchronously,
> of course! It's the only way babe... :-)

A few questions:

(i) Is the gateway a SOAP intermediary or the ultimate recipient ?
(ii) Why can't the gateway look for a wsa:To/gw:RouteTo instead ?

>  If the ref props/params are
> wrapped,
> then somehow the soap:role and soap:mustUnderstand of the ref 
> prop/param
> will need to be
> propogated to that wrapper element or else this use of ref props/params
> doesn't work.
Why doesn't it work ? The gateway can look for wsa:To/gw:RouteTo and if 
it doesn't find one it can return a wsa:DestinationUnreachable fault. 
In essence the gateway is acting in a routing capacity and is using the 
message addressing properties to do that. If we wrap the destination 
EPR then the SOAP processing rules for wsa:To can be written to support 
this kind of usage - e.g. target wsa:To to 'next', make it 
mustUnderstand='true' (mebbe), reinsert after processing, chuck a 
wsa:DestinationUnreachable if the header doesn't contain sufficient 
information to route to the next hop, etc.

If ref props params are being used for addressing and routing rather 
than for invoking arbitrary ws-* functionality then it makes sense (to 
me anyhow) to have wsa:To be an EPR with clear processing semantics.


> As for your point: "Nobody else does it.", I don't know what you mean 
> by
> this.
> Do you mean that there has, to date, been relatively little 
> exploitation
> of
> soap:role/actor? If so, I agree but I don't think that is an excuse to
> preclude its
> use in the design of WS-Addressing.
> As for the point: "It becomes impossible to write generic "process
> addressing information" (e.g., WS management infrastructures) without
> closely coupling the layers on a *per-operation* basis.". I don't buy
> that.
> Just because the ref props/params can be anything, doesn't mean that 
> there
> won't be a set of well-defined Qnames that can be baked into some
> infrastructure
> like WebSphere. The beauty of ws-addressing is that it allows for the
> minter
> of the EPR to be free to implement as it chooses and it doesn't impact 
> the
> implementation choices of the recipient of that EPR. It just works.
> As to the point: "It goes against the philosophy of composable 
> headers.".
> Please
> explain why it is you think that.
>> I think "we" have made our case that there are real security, and
>> coupling, concerns by doing this, and that it goes against the grain 
>> of
>> everyting else in ws-xxx-land being self-identifying.  I think now 
>> "you"
>> should need to answer the question above.
> I've given a real-world use case above for leveraging the SOAP 
> processing
> model.
> I could certainly think of others.
>> The problem with Dim's suggestion to add an attribute is that it
>> now makes it impossible for anyone to sign a refprop/param directly
>> (you have to use an XPath transform or something similar), since
>> the content changes during the promotion.
>>> I don't understand that scenario. A given endpoint X expects certain
>>> SOAP headers to be in a message.
>> This requires that endpoint X not have any optional headers, else you
>> are subject to the insertion attacks discussed earlier.  I do not 
>> think
>> it is reasonable to prohibit optional data, and the security cost of
>> allowing it seems too high.
>>    /r$
>> -- 
>> Rich Salz                  Chief Security Architect
>> DataPower Technology       http://www.datapower.com
>> XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
>> XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
Marc Hadley <marc.hadley at sun.com>
Web Technologies and Standards, Sun Microsystems.
Received on Monday, 29 November 2004 16:12:00 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:28:21 UTC