- From: David Orchard <dorchard@bea.com>
- Date: Fri, 1 Nov 2002 09:50:22 -0800
- To: <www-ws-arch@w3.org>
Please review the following, your comments welcome but also hopefully this will be the last version before it goes to the oasis ws-security tc. Dear OASIS WS-Security TC, The W3C Web Services Architecture Working Group would like to express its concern around the lack of WSDL definitions for WS-Security elements in the first version of the WS-Security product. As a best practice, members of the web services architecture group believe that WSDL definitions should be part of any specification of SOAP Modules. We would like to encourage the WS-Security group to take up this piece of work in the first version of its product. It appears that the issue is not so much the "goodness" of such a thing, rather the timing is the issue. There are a variety of rationale for including description in v1: 1) To ensure that the runtime aspects can be described in a reasonable manner - it would be unfortunate if some headers were difficult to describe in wsdl; 2) To promote interoperability. The importance of WSDL for interoperability is evident by the prominent place that WSDL has in the W3C Web Services Activity and the WS-I Basic Profile. We were made aware of the significant range of possible description. We don't think it appropriate to venture into your domain and make a recommendation as the extent of descriptions that should be provided - such as trusted authorities, etc.However, it is of our opinion, though we could easily be mistaken, that a simple description of the required WS Security elements in a given message is probably doable in a reasonably short time frame. We are certainly not advocating a large (year or more) delay in schedule. On behalf of the W3C Web Services Architecture Working Group, Dave Orchard
Received on Friday, 1 November 2002 13:47:00 UTC