Re: Thoughts on TAG issue EndpointsRef47

Hi Rich,

Feedback on the proposed solution is great, but please keep in mind that
this is just one possible solution, and I'm not married to it in any
way... except to say that it seems the most straightforward approach to
me.

On Sun, Feb 06, 2005 at 10:21:46AM -0500, Rich Salz wrote:
> A significant problem with putting wsa:To as the request-URI is that
> end-to-end content protection and integrity (signing and encryption)
> is lost.

I wouldn't say it's lost, I'd just say that it's changed.

A SOAP based encryption mechanism would still protect the *content*
of the message, just not the protocol metadata like operation and
address.  That would be left for the protocol.  I personally think
this is a much better layered solution in the general case.

> Or are you saying it should be *copied* and not moved?  That's what SMTP
> typically does, although RCPT-TO isn't the same as the To header (cf
> mailing lists).  That separation isn't something HTTP seems to support,
> although perhaps it should.

No, I wasn't suggesting copying, I was suggesting moving.  Leaving
the same information in more than one place in the message is just
asking for trouble IMO (SOAPAction anyone? 8-).

> Does the issue get resolved if we add a wsa:Request-URI to the EPR

Afraid not.  The issue is that the EPR address should go in the HTTP
Request-URI.

Mark.
-- 
Mark Baker.   Ottawa, Ontario, CANADA.        http://www.markbaker.ca

Received on Monday, 7 February 2005 05:51:30 UTC