- From: David Orchard <dorchard@bea.com>
- Date: Mon, 11 Nov 2002 15:47:24 -0800
- To: <wss@lists.oasis-open.org>
- Cc: <www-ws-arch@w3.org>
Dear OASIS WS-Security TC, The W3C Web Services Architecture Working Group would like to express its concern about the lack of WSDL definitions for WS-Security elements in the first version of the WS-Security specificaiton. As a best practice, members of theweb services architecture group believe that WSDL definitions should be part of any specification of SOAP Modules. We would like to encourage the WS-Security group to take up this piece of work in the first version of its specification. It appears that the issue is not so much the "goodness" of this, rather the timing is the issue. There are a variety of rationale for including description in v1: 1) To ensure that the runtime aspects can be described in a reasonable manner - it would be unfortunate if some headers were difficult to describe in WSDL; 2) To promote interoperability. The importance of WSDL for interoperability is evident by the prominent place that WSDL has in the W3C Web Services Activity and the WS-I Basic Profile. We were made aware of the significant range of possible descriptions. We don't think it appropriate to venture into your domain and make a recommendation on the extent of descriptions that should be provided - such as trusted authorities, etc. However, it is of our opinion, though we could easily be mistaken, that a simple description of the required WS Security elements in a given message is doable in a reasonably short time frame. We are certainly not advocating a large (say a year or more) delay in schedule. On behalf of the W3C Web Services Architecture Working Group, Dave Orchard
Received on Monday, 11 November 2002 18:47:57 UTC