Re: Potential issue around ws-security and wsdl definitions

David,

This sounds like an excellent suggestion and a model for future excellent
suggestions.  I was pleased (from Zahid's email) to see the QoP group is already
thinking along similar lines.

To expand slightly upon your best practice, I believe we need to recommend
architectural (at least semantic but possibly structural) alignment between the
metadata provided as SOAP headers / features / modules (sorry, my brain lost the
correct term) and WSDL description extensions.  For example, a WSDL document may
describe three qualities of service (or security).  Let's call them good, gooder
and goodest.[*]  A client should be able to choose between these qualities with
as similar a structure as possible.  An aligned SOAP module should enable the
client to say "gooder".

I suspect we're looking at a wide sliding scale between static (WSDL) and
dynamic (SOAP) metadata "provisioning".  In some cases, everything is described
up front.  For some types of information, such as the endpoint URL for the
service, this will always be the case.  For other cases, the bulk of the
information will be provided in the SOAP envelope.  Let's try to help developers
of derivative specifications and end users make their own choices about where
they sit on the scale and what metadata needs to be provided when.

thanx,
    doug

* The meaning of those terms is orthogonal to the question I'm asking.  I don't
care for the sake of this argument whether the terminology / taxonomy / ontology
information comes from Merriam Webster (the book), www.m-w.com, RDF or an
available napkin.

David Orchard wrote:

> Hi all,
>
> I wanted to potentially raise an issue around liaison with oasis
> ws-security.  ws-security does not currently provide wsdl definitions for
> the security elements exchanged.  There is a discussion list around
> describing qualities of service.  I think it would be a good thing to ask
> oasis ws-security tc if they could provide wsdl definitions as part of their
> v1 output.  Obviously this is a very delicate area, and we don't want to
> annoy them.  If there isn't a strong majority within our group, then I
> wouldn't want to proceed either.  This certainly appears to be an
> architectural area.  It appears the key issue is around timing of when to
> provide description - either at the same time as the soap definitions or
> later.
>
> I think this is also a "web service spec" best practice - Descriptions
> should be provided at the same time as runtime extensions.
>
> Some potential wording suggestion
>
> "Dear OASIS WS-Security TC,
>
> The W3C Web Services Architecture Working Group would like to express it's
> concern around the lack of WSDL definitions for WS-Security elements in the
> first version of the WS-Security product.  We would like to encourage the
> WS-Security group to take up this piece of work in the first version of it's
> product.  It appears that the issue is not so much the "goodness" of such a
> thing, rather the timing is the issue.  There are a variety of rationale for
> including description in v1: 1) To ensure that the runtime aspects can be
> described in a reasonable manner - it would be unfortunate if some headers
> were difficult to describe in wsdl; 2) To promote interoperability - bodies
> such as W3C and WS-I believe that interoperable descriptions are a
> requirement to interoperability.
> "
>
> Cheers,
> Dave

Received on Wednesday, 16 October 2002 17:57:14 UTC