- From: Assaf Arkin <arkin@intalio.com>
- Date: Mon, 02 Jun 2003 19:47:37 -0700
- To: "Monica J. Martin" <monica.martin@sun.com>
- CC: public-ws-chor@w3.org
Monica J. Martin wrote: > > Assaf Arkin wrote: > >> >> <<Monica J. Martin wrote: >> >>> mm1: I would say that the WSDL MAY be legally binding, but it is >>> not the contract. >> >> >> >> I'm not sure if we can go far without agreeing that WSDL is a >> contract, or binding agreement, between two parties, in our case >> services. If it's not a binding agreement, why even bother using it? > > > mm1: It is an expression that can reference back to an agreement. I > would ask: (1) Is it appropriate that WSDL be an expression of a > binding agreement or optionally designated as legally binding or not, > and/or (2) Is it appropriate that the WSDL point to the overriding > agreement associated with the context the agreement provides for the > expression? A contract is a contract is a contract. It's a binding agreement between any number of parties (at least two). A contract that is enforecable by law is also said to be legally binding. A lot of contracts falls in this classification, but the term is more generic than one that requires the long arm of the law ;-) When you develop an EJB bean you design the bean based on the bean-container contract and the client uses that bean based on the client-container-bean contract. The term 'contract' has been used in the EJB spec for a few years now and so far no one has complained about legal issues. If I remember correctly version 2.1 has four of them. Perhaps because there aren't any in that particular usage of a contract. Some languages have contracts built into them, Eiffel is a good example for a design-by-contract language that never quite made it. Aspect oriented programming (AOP) is an even more evolved form of design-by-contract, it's Java incarnation is based on JSR 175. Maybe the term contract has been put out of context by software developers, but it's been around for so long that we can safely hijack it for our own purposes. It may have actually come from the hardware people ;-) WSDL definitely falls into the design-by-contract model in expressing the binding agreement between the service provided and service requestor, and a choreography language - with or without WSDL - expands on that contract. As far as non-legal contracts go, WSDL is sufficient. Now the question becomes, how would you associate WSDL to a legal agreement if you also had a legal agreement governing its use. I think the point it moot. Let's say my supplier failed to deliver a product in time. I call them up to cancel the order and they immediately say it's being handled right now and they'll send it the next day. That's a verbal legal contract. That's also a very terse contract because it doesn't contain all the legal information you need to enforce it -- all that information comes from the original purchase contract. It would be more precise if they said something to the effect of "We the party known as Seller hereby enter a contract to send the product by 12:00 AM tomorrow based on the stipulations made in the contract between the Seller and Buyer party signed in good faith on ...". But who cares? Let's say you have a contract with someone else and you are using WSDL based on that contract. Now something went wrong and you decide to sue them. For whatever reason you need to present that WSDL document as evidence. It would be admissable even if it never ever referenced the legal contract. The same way a million other types of business and technical docments are admissable without having to specify the contract which governs their use. Think of software as a good example. I buy a software product with gold level customer support. I install the software, read the manual but no where would it say that my use of the software is subject to the terms of the customer support contract. Yet, it is perfectly understood that it is and the legal view is that my use of the software and the manual are subject to the contract (until it expires). Imagine a world where you would have to sell several versions of the same product and print several copies of the same manual just so you can reference the support contract the customer has requested. And then you'll have to send them a new software or a new manual whenever the support contract expires, gets renewed or gets modified (e.g. to move from silver to gold or to renew it). So should WSDL be a legally binding agreement? No need for that, sufficient that you execute on the WSDL based on a legal contract you already have. Should it reference the legally binding agreement? There is no legal justification to do so, and it just adds another technical requirement to the already inflated list. I think we're creating a mountain out of nothing. I really recommend presenting some use cases to a lawyer and seeing if they think there's any problem that needs to be solved. We'll find out that there's really nothing to it*. As a side not, being able to reference a WSDL to the original party that created it is quite frankly not super interesting. It is important if you want to ensure the WSDL you get from one of your partners has not been corrupted by some attacker that uses it to forward your sensitive data to their system. XML signatures would be sufficient. It is useful because it lets you track WSDLs coming from the same source, for example, to invalidate all of them if that partner goes out of business or you decide to not use them ever again. Any old tracking mechanism would work. When it gets down to actually going to court to sue someone, the way we currently collect, present and judge evidence is good enough. Just make sure you have a legally binding contract that stipulates what you would be doing and that all WSDLs you are using are executed under the terms of that contract. And more specifically, get them from that party's UDDI directory (or whatever you use) and not from some unknown site on the Web - the contract would say that they are legally bound to the correctness of any WSDL contained there. arkin
Received on Monday, 2 June 2003 22:48:05 UTC