- From: David Hull <dmh@tibco.com>
- Date: Mon, 13 Mar 2006 12:51:36 -0500
- To: Christopher B Ferris <chrisfer@us.ibm.com>
- Cc: Glen Daniels <gdaniels@sonicsoftware.com>, public-ws-addressing@w3.org, public-ws-addressing-request@w3.org
- Message-id: <4415B128.1020504@tibco.com>
How we handle faults, according to the current Editor's draft (I double-checked :-): * SOAP processing failures (e.g. mU), are out of scope as always. * If there are no SOAP processing failures, then o If wsa:Action is absent, we don't say what happens. (We only state the converse). If WSA isn't engaged, disposition is out of scope. If it is, for whatever reason, see below. o If wsa:Action is present, even if it's mangled, or multiply present, or whatever, WSA is engaged. o If WSA is engaged + If wsa:FaultTo is absent, multiply present, or present but invalid, [fault endpoint] will be empty. Otherwise it will have the given value. I'm inferring this, but I don't see what else one could infer. Perhaps we should state more sharply that getting two of something you can only have one of leaves it undefined. + Likewise for wsa:ReplyTo. + And the rules in 3.4 of the core apply. If [fault endpoint] is empty, as it would be in Glen's case, we revert to [reply endpoint]. If wsa:ReplyTo had been missing, [reply endpoint] would be anon. If wsa:ReplyTo is also erroneous, [reply endpoint] is /empty/ and behavior is undefined. IMHO, this is good enough. If both wsa:FaultTo and wsa:ReplyTo are present and mucked up, we can't really guarantee your safety. In any case, the spec as it stands seems unambiguous, given that duplicating wsa:FaultTo leaves [fault endpoint] undefined. I can see cases where the left hand might add one wsa:FaultTo and the right hand add another, but this seems like a fairly basic failure in implementation that shouldn't make its way into production. Famous last words. Working from a clean slate, I might want to handle this differently, but at this stage I think we've done what we can. As with other cases, we might want to make a few editorial changes to clarify what's going on. Christopher B Ferris wrote: > > Glen, > > I would put this in the same class as "where do SOAP mU faults get > delivered". I believe that that > should be a function of the binding, not of WS-A because it is pretty > clear to me that in the face > of a SOAP mU (or VersionMismatch) fault, that WS-A processing cannot > be presumed to have > been performed (per the SOAP1.2 spec anyway). > > Thus, I think that an endpoint that includes a non-anonymous [fault > to] endpoint SHOULD expect > that it MAY receive SOAP faults in a manner defined as the default for > the relevant SOAP > binding. In the case of the SOAP Req/Resp MEP and SOAP HTTP binding, > that would be > the anonymous endpoint. > > IMO, if a SOAP message contains WS-A headers that are inconsistent > with the spec in any way > that the generated fault SHOULD be sent to the endpoint identified by > the relevant SOAP > MEP/binding. > > Cheers, > > Christopher Ferris > STSM, Software Group Standards Strategy > email: chrisfer@us.ibm.com > blog: http://www.ibm.com/developerworks/blogs/dw_blog.jspa?blog=440 > phone: +1 508 377 9295 > > public-ws-addressing-request@w3.org wrote on 03/13/2006 10:51:09 AM: > > > > > Hi folks: > > > > Sorry for the last-minute issue, but this just came up as a result of > > testing.... > > > > In the test suite, we have a test [1] for generating a fault when a > > request message contains 2 <wsa:FaultTo> headers. Imagine a message > > like: > > > > <soap:Header> > > <wsa:FaultTo> > > > > <wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address > > > > > </wsa:FaultTo> > > <wsa:FaultTo> > > <wsa:Address>http://some-other-address</wsa:Address> > > </wsa:FaultTo> > > ... > > </soap:Header> > > > > The question is - where should the InvalidAddressingHeader fault go? I > > see three possible choices: > > > > 1) to the first <FaultTo> > > 2) to the second <FaultTo> > > 3) to the default (anonymous? see below) > > > > The test assumes that the fault will be delivered via the HTTP > > backchannel, i.e. to anonymous. But I can't find anything in the spec > > that would constrain an implementation to do so - in other words, it > > might be just as valid to try to send it to http://some-other-address. > > Therefore either the test is wrong to make the assumption, or the spec > > should be clarified. > > > > I do think that in the case where we cannot correctly convert SOAP > > headers into an appropriate MAP, the value for that MAP should not be > > set (and in this case would therefore default to anonymous) - perhaps > > this is the intent, but we should really be explicit about this if > > that's what we mean. > > > > Another question also arises - in the case where we have a problem > > generating the [FaultTo] MAP from the headers, should the generated > > fault be delivered to the [ReplyTo] address if there is one, or always > > to anonymous? I'd guess the former, but again we should make sure we're > > clear and explicit about it. > > > > I'd propose we fix this by adding something like the following at the > > end of the last paragraph in section 3.2: "In that case, any duplicated > > headers MUST NOT be used to populate the appropriate MAPs - the MAPs > > should be interpreted as if no such headers were present." I *think* > > this should do it, and since we're already clear about the lack of an > > explicit FaultTo causing faults to go to ReplyTo, I think we're covered > > there. > > > > I'd also like to add, for clarity, section headings for the last two > > paragraphs of section 3.2: > > > > 3.2.1 Sending Messages > > > > 3.2.2 Receiving Messages > > > > Thanks, > > --Glen > > > > [1] http://www.w3.org/2002/ws/addr/testsuite/testcases/#test1242 > >
Received on Monday, 13 March 2006 17:51:49 UTC