- From: Ugo Corda <UCorda@SeeBeyond.com>
- Date: Fri, 5 Dec 2003 13:04:14 -0800
- To: "Francis McCabe" <fgm@fla.fujitsu.com>, "Cutler, Roger (RogerCutler)" <RogerCutler@chevrontexaco.com>
- Cc: <www-ws-arch@w3.org>
> (And so, I believe, has WS-I) WS-I is addressing intermediaries in the Security Profile, but not in the Basic Profile. In some way it was inevitable for WS-I to consider the security implications of intermediaries: the rationale usually given for introducing message-level security is the existence of intermediaries along the message path. Ugo > -----Original Message----- > From: Francis McCabe [mailto:fgm@fla.fujitsu.com] > Sent: Friday, December 05, 2003 12:57 PM > To: Cutler, Roger (RogerCutler) > Cc: Ugo Corda; www-ws-arch@w3.org > Subject: Re: Intermediaries > > > Oh yes, I agree with that. > However, the problems of building large scale systems are not > going to > disappear with the working group! So, I am not arguing for actually > solving these issues; but I am trying to put things into their proper > context. > > It would be easy to simply discard intermediaries. After all, > WSDL has! > (And so, I believe, has WS-I) > > In any case, I am not really raising problems. There *are* problems > with the picture around intermediaries (and a few other > places too :) I > think that putting them into a proper context will allow us to decide > whether to ignore them, raise their profile, whatever. > > Frank > > On Dec 5, 2003, at 12:37 PM, Cutler, Roger (RogerCutler) wrote: > > > Yes -- is it possible that the issues that you are trying > to raise with > > respect to intermediaries are beyond a reasonable scope for > the present > > effort, given the practical limitations of time and personnel? > > > > -----Original Message----- > > From: www-ws-arch-request@w3.org > [mailto:www-ws-arch-request@w3.org] On > > Behalf Of Ugo Corda > > Sent: Friday, December 05, 2003 2:34 PM > > To: Francis McCabe > > Cc: www-ws-arch@w3.org > > Subject: RE: Intermediaries > > > > > > > > Frank, > > I doubt we are going to solve that problem in the little more than a > > month left ... > > > > Ugo > > > >> -----Original Message----- > >> From: Francis McCabe [mailto:fgm@fla.fujitsu.com] > >> Sent: Friday, December 05, 2003 12:30 PM > >> To: Ugo Corda > >> Cc: <www-ws-arch@w3.org> > >> Subject: Re: Intermediaries > >> > >> > >> I kind of take a mild exception to this Ugo. I don't think > it is fair > >> to say that I am try to "satisfy my philosophical interests" with > >> computer technologies. > >> > >> I am banging on quite a lot about intermediaries because I > think that > >> it represents a way into a very difficult problem: how to actually > >> build large scale systems. > >> > >> Frank > >> > >> > >> On Dec 5, 2003, at 12:16 PM, Ugo Corda wrote: > >> > >>> > >>> Roger, > >>> > >>> I would not go for the deep philosophical meaning in all > >> this. We just > >>> have to acknowledge that specs have always some > >> underspecified areas. > >>> Maybe when WS-I decides to tackle intermediaries in a > Basic Profile > >>> (right now they are just "extension points"), it will pick a > >>> particular interpretation of this subject and run with it. > >>> > >>> In my view, computer technologies are not the right place > >> to look when > >>> you want to satisfy your philosophical interests ;-). > >>> > >>> Ugo > >>> > >>>> -----Original Message----- > >>>> From: www-ws-arch-request@w3.org > >> [mailto:www-ws-arch-request@w3.org]On > >>>> Behalf Of Cutler, Roger (RogerCutler) > >>>> Sent: Friday, December 05, 2003 11:59 AM > >>>> To: Ricky Ho; www-ws-arch@w3.org > >>>> Subject: RE: Intermediaries > >>>> > >>>> > >>>> > >>>> I might also comment that Frank seems to have a more > >> Olympian view of > >>>> the matter and, as far as I can tell, is saying that the > >> messages are > >>>> "the same" because we DEFINE them to be the same, not > >> because they are > >>>> judgeed to be the same by any criteria. Maybe I didn't > >> put this quite > >>>> right because I don't understand what he is saying, so I didn't > >>>> make an effort to capture it. > >>>> > >>>> -----Original Message----- > >>>> From: www-ws-arch-request@w3.org > >>>> [mailto:www-ws-arch-request@w3.org] On Behalf Of Cutler, Roger > >>>> (RogerCutler) > >>>> Sent: Friday, December 05, 2003 1:53 PM > >>>> To: Ricky Ho; www-ws-arch@w3.org > >>>> Subject: RE: Intermediaries > >>>> > >>>> > >>>> > >>>> Again, this is sort of third hand -- I have been trying > to capture > >>>> what other people said. However, I believe that the sense I > >> got from David > >>>> Booth and others is that the issue of whether the message > >> going from A > >>>> to I is "the same" as that going from I to B is > something that has > >>>> to be considered in the context of "the application", broadly > >>>> understood. That > >>>> is, "the application" includes both what A is doing and what > >>>> B is doing. > >>>> So I guess that there is a God-like observer involved in > >> this scenario > >>>> or something. I don't see how you can think about choreography > >>>> without postulating some observer that can see everything that > >>>> happens and whose > >>>> observations correspond absolute reality, as opposed to what > >>>> is visible > >>>> to any particular participant. > >>>> > >>>> -----Original Message----- > >>>> From: Ricky Ho [mailto:riho@cisco.com] > >>>> Sent: Friday, December 05, 2003 1:30 PM > >>>> To: Cutler, Roger (RogerCutler); www-ws-arch@w3.org > >>>> Subject: RE: Intermediaries > >>>> > >>>> > >>>> 1) I can't see how B or C can determine whether the modified > >>>> message is the > >>>> same message given that they haven't seen the original one. > >>>> > >>>> 2) SOAP doesn't have the "SAME MESSAGE" concept and > therefore it is > > > >>>> NOT possible to make such differentiation at the SOAP level. In > >>>> some other > >>>> spec (such as RM), the "SAME MESSAGE" concept is very > >> important, there > >>>> they > >>>> define the messageID explicitly. > >>>> > >>>> About your encryption scenario, if determining the "SAME > >> MESSAGE" is > >>>> important to me, then I have to decrypt the messageID. And if I > >>>> cannot decrypt it, I shouldn't process the message. > >>>> > >>>> Rgds, Ricky > >>>> > >>>> At 12:45 PM 12/5/2003 -0600, Cutler, Roger (RogerCutler) wrote: > >>>>> I'm not an expert here, and I was mostly trying to capture > >>>> the sense of > >>>> > >>>>> a conversation. However, I believe that several people > >>>> agreed that it > >>>>> is, indeed, up to B and C to participate in this decision, > >>>> and that the > >>>> > >>>>> "application" envisaged includes both sender and > >> receiver. This was > >>>>> explicitly stated, I believe, by both David Booth and > at least one > > > >>>>> other person, I've forgotten whom. > >>>>> > >>>>> About the messageID -- does a SOAP message necessarily > >> have one? If > >>>>> the intermediary encrypts the message, including the ID, > >> do you have > >>>>> the same messageID? It seems to me, from listening and > >>>> participating > >>>>> in a certain amount of conversation trying to sharpen up the > >>>> concept of > >>>> > >>>>> "same message" that this is a swamp. > >>>>> > >>>>> -----Original Message----- > >>>>> From: Ricky Ho [mailto:riho@cisco.com] > >>>>> Sent: Friday, December 05, 2003 10:49 AM > >>>>> To: Cutler, Roger (RogerCutler); www-ws-arch@w3.org > >>>>> Subject: Re: Intermediaries > >>>>> > >>>>> > >>>>> Can we use messageID to determine whether this is the "SAME" > >>>> message ? > >>>>> In other words, all other modification is insignificant. > >>>>> > >>>>> 1) Intermediary isn't the endpoint so it doesn't generate > >>>> new messages, > >>>> > >>>>> so the message it send MUST have same messageID as some previous > >>>>> messages it received. > >>>>> 2) Orchestration is the endpoint which produce or consume > >>>> messages, so > >>>>> the > >>>>> message it send MUST have different messageID from > >> previous received > >>>>> messages > >>>>> > >>>>> Going back to your example, it is NOT up the B and C to > >>>> interprete the > >>>>> changes made by I differently. The decision is completely > >>>> finalized by > >>>> > >>>>> I. > >>>>> > >>>>> Best regards, > >>>>> Ricky > >>>>> > >>>>> At 09:44 AM 12/5/2003 -0600, Cutler, Roger (RogerCutler) wrote: > >>>>> > >>>>>> Here is some text that expresses my understanding of > the sense of > > > >>>>>> some of the telcon conversation about intermediaries. > >> Please use, > >>>>>> modify or > >>>>> > >>>>>> ignor as seems appropriate. > >>>>>> > >>>>>> It is useful to draw a distinction between situations > >>>> where messages > >>>>>> are passed through intermediaries and choreographies. The > >>>> essential > >>>>>> issue is that an intermediary passes along a message that is > >>>>>> essentially, or functionally, the same as it received. > >> If, on the > >>>>>> other hand, the purpose or function of the message is > >>>> substantially > >>>>>> changed one should consider the situation to be a > >>>> choreography. This > >>>> > >>>>>> cannot be defined, however, in an entirely rigorous or > black and > >>>>>> white way -- one person's intermediary may legitimately be > >>>> considered > >>>> > >>>>>> a choreography by others. Note that since an intermediary > >>>> can change > >>>>>> the message, for example by encrypting it or by adding > ancillary > >>>>>> information, it remains a judgment call whether those > changes are > > > >>>>>> significant and functional. In addition, whether a > service that > >>>>>> passes > >>>>> > >>>>>> messages is considered an intermediary depends on > >>>> participants in the > >>>> > >>>>>> entire chain of the message. For example, if sender A > >>>> sends messages > >>>> > >>>>>> through I, which modifies the messages, to receivers B and > >>>> C, B might > >>>> > >>>>>> consider the modified message to be functionally unchanged > >>>> whereas C > >>>>>> might consider it to be different and take different > >>>> action because > >>>>>> of the modification. In the first case I would be > considered an > >>>>>> intermediary, in the second it would not. > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>> > >> > >> > > > > > > > >
Received on Friday, 5 December 2003 16:07:30 UTC