Re: Thoughts on TAG issue EndpointsRef47


Please see my comments below.


Christopher Ferris
STSM, Emerging e-business Industry Architecture
phone: +1 508 377 9295 wrote on 02/06/2005 08:19:47 AM:

> Jonathan - thanks for spending the time to try to make sense of this.
> On Fri, Feb 04, 2005 at 07:18:49PM -0800, Jonathan Marsh wrote:
> > mailto: doesn't work over HTTP.
> Sure it does!
> Content-Type: text/plain
> Content-Length: 5
> Ping!

I just tried to send Jonathan an email via my browser by entering his 
mailto: URI
in the URI field. Of course, that's a GET not a POST. However, apparently 
both Firefox 
and IE tried to transfer the message to Google's gmail service. It really 
didn't work in either case. Gmail was thoroughly confused by the request. 
they could update their origin server to recognize this and respond with a 

Compose Mail form pre-addressed to Jonathan. However, that would only be a 
hack if 
you ask me. The important thing, from my perspective, is that there is 
clearly a
line missing from the HTTP POST above, that which identifies the HOST to 
which the
message is to be sent. Seems to me that for this to work, it really should 
be ''
but I kinda doubt that Microsoft would oblige by supporting this request.

Bottom line for me, this is merely a hack that is keying off of what the 
does in response to the user clicking on a link that contains a URI with 
mailto: scheme.

Note that Hotmail and probably Gmail as well, use an HTML Form with 
and to a URI that is NOT the mailto: URI of the addressee of the email but 
to a
URI of a Servlet, ASP or CGI script that will process the entity body into 
valid SMPT request (most likely). 

OMG! They are tunnelling an RFC2822 To: address over HTTP POST! Watch out, 
Web's gonna crash! Alert the TAG! Stop the insanity!

> It doesn't work the other way around, because HTTP is currently the only
> application protocol which takes URIs rather than application-specific
> identifiers.  That's why it's special.  It's also part of the reason why
> the URI scheme has little to do with the protocol and therefore also
> why it's not a "transport address".
> >  Also it seems in conflict with a
> > basic tenet of Web services, which is that different hops might use
> > different protocols, each hop with a transport address appropriate to
> > that hop.
> Not at all.  It's definitely in conflict with the whole concept of
> "protocol independence", but not with what you wrote above.  Perhaps
> the mailto/HTTP example above will help illustrate why that is so.
> > Steve Maines responds [7] to Mark: "ProcessMessage/POST is not an
> > operation, it's a punt. It's a verb that effectively means 'hey, I 
> > no idea what you meant by this, so you go deal with this blob of data 
> > whatever way you see fit'. In other words, it's a non-verb."  Chris
> > Ferris immortalizes himself by making a similar point [8]: "'When I
> > accept POST', said Humpty Dumpty, 'it means just what I choose it to
> > mean, neither more nor less.'"  The implication is that POST is more 
> > a hook for a higher-level application protocol than a component of an
> > application protocol itself.  Looks to me like higher layers are
> > arguably blessed by HTTP itself.
> POST is (at least) two things.  The first is the name of the semantic of
> "document-in, document-out" style interactions, where one agent submits
> a document to a service for processing, and perhaps gets a document in
> return, and where that expectation - "processing" - is the only one the
> client holds.  If you want all services to be able to accept documents
> from any agent, then they all have to expose the same operation.
> Another thing that POST is, is the correct HTTP operation to use when
> you need to tunnel an application-specific mutating operation through
> HTTP, since it's the closest semantic match.  So yes, it is the hook you
> refer to, but no, I wouldn't say that HTTP blessed the practice, even
> implicitly.
> FWIW, the RESTful use of HTTP is the former use.

Sorry, but how is one to distinguish one from the other? For that matter, 
is the "processing" mentioned in the first case? How is it different from 
"an application-specific mutating operation" and exactly what is that? 
Does RFC2616 
place *any* constraints at all on the nature of the "processing" that can 
performed in response to a POST?

Of course it doesn't. 

> > In the end, I can't conceive of any non-draconian solutions, and Mark
> > doesn't propose any either (which is one of the reasons his posts are 
> > frustratingly abstract).
> I haven't proposed any because I want to be able to discuss the problem
> without any solution-specific issues getting in the way.  But if you're
> interested, I think the simplest solution would be to drop the concept
> of an underlying-protocol-agnostic SOAP binding and create a SOAP/HTTP
> binding instead which would place the important protocol metadata like
> "address" in the Request-URI of HTTP, and also require other bindings
> that do things similarly for other application protocols, e.g. put the
> address in the "RCPT TO" SMTP operation.  Is that too draconian?  I
> wouldn't personally call it that, since most SOAP usage is over HTTP
> anyhow.  But I agree it's "radical" insofar as it abandons protocol
> independence.

Sorry Mark, but exactly what *is* the problem? HTTP places *no* 
what-so-ever on the content in the entity body of the HTTP POST message 
from requiring that it be valid with regards to its MIME type. WS-A is 
no constraints on use of the URI value of wsa:Address in an EPR. As Gudge 
pointed out, the most common use case will be that the URI value will, 
bound to SOAP/HTTP (1.1 or 1.2), be to place the URI in the HTTP 
field. However, that would apply exclusively to a binding of SOAP to HTTP,
not necessarily to any other protocol such as SMTP, BEEP, FTP, 
or whatever.

Since you seem to have all this energy to go to the trouble of alerting 
TAG to this monstrous abuse of the Web architecture that would be resolved
by a formalized binding of SOAP+WS-A/HTTP, why don't you write one (using 
SOAP Binding Framework in SOAP1.2) and submit it to the WG (or more likely
to both the XMLP and WS-A WGs) for consideration as a possible, but 
binding. That would be a much more positive and productive engagement.

> Cheers,
> Mark.
> -- 
> Mark Baker.   Ottawa, Ontario, CANADA.

Received on Monday, 7 February 2005 13:31:12 UTC