Re: SOAP Binding and SOAPAction in SOAP 1.1 -- editorial issue from Anish Karmarkar on 2005-10-27 (public-ws-addressing@w3.org from October 2005)

From: Anish Karmarkar <Anish.Karmarkar@oracle.com>
Date: Thu, 27 Oct 2005 12:08:19 -0700
To: "Springer, Ian P." <ian.springer@hp.com>
CC: public-ws-addressing@w3.org
Message-ID: <436125A3.8080101@oracle.com>

[removed the public-ws-addressing-comment from the cc list]

Ian,

I was trying to cover the case of the SOAP 1.1 HTTP binding as defined 
by SOAP 1.1 spec, as well as the one-way SOAP 1.1 HTTP binding as 
defined by WS-I Basic Profile [1] -- which can be considered to be a 
modification of the SOAP 1.1 spec binding or a completely new binding.

But, in both cases it is still the HTTP request that has the SOAPAction 
HTTP header. So your suggestion of using: "The value of the HTTP 
*Request* header ..." works and is a better alternative for the reason 
that you point out. So +1.

-Anish
--
[1] http://www.ws-i.org/Profiles/BasicProfile-1.1-2004-08-24.html

Springer, Ian P. wrote:
>  
> 
> 
>     There is an editorial issue with the  paragraph quoted above (old as
>     well as new). SOAPAction HTTP header is required by SOAP 1.1 and BP
>     1.1 only in the case of HTTP request and not for the HTTP response.
>     The current wordings make it appear that the value of SOAPAction
>     HTTP header must be either "[action]" or "" for both the HTTP
>     request and response. To disambiguate this, I would like to suggest
>     a ed. modification:
> 
>     "Use of the SOAPAction HTTP header is required* in the HTTP Request*
>     when using the SOAP 1.1 HTTP binding.* *The value of the SOAPAction
>     HTTP header*, if present,* MUST either be "[action]" or "" (quotes
>     are significant). The latter case supports the ability to obscure
>     the wsa:Action header through SOAP-level security mechanisms,
>     without requiring otherwise unnecessary transport-level security. A
>     SOAPAction value different to "[action]" or "", results in the
>     generation of an Action Mismatch fault (see 5.4.1.6 Action Mismatch)."
> 
>       
>     I agree with adding "in the HTTP request", but not ", if present,",
>     which appears to conflict with the fact that we just stated that the
>     header was required. Perhaps instead say "The value of the HTTP
>     request header ..." or just leave the second sentence as is, since
>     the [new] first sentence already states we're only talking about the
>     HTTP request.
>      
>     Ian
>

Received on Thursday, 27 October 2005 19:08:42 UTC