RE: Quality of Service from Jeffrey Schlimmer on 2003-04-17 (www-ws-desc@w3.org from April 2003)

From: Jeffrey Schlimmer <jeffsch@windows.microsoft.com>
Date: Thu, 17 Apr 2003 11:00:42 -0700
To: <info@johanpeeters.com>
Cc: <mrbannon@uwaterloo.ca>, <www-ws-desc@w3.org>
Message-ID: <2E33960095B58E40A4D3345AB9F65EC109D200DE@win-msg-01.wingroup.windeploy.ntdev.mi>

Johan Peeters writes:
>There has been some discussion at the OASIS WSS TC about QoP 
>(Quality of Protection) which I would consider as a subset
>of QoS. My understanding is that they are currently thinking 
>of introducing a new binding, secure SOAP, that would have
>extensions allowing you to specify the QoP. Is this the way 
>to go? I personally would hope for a more orthogonal
>definition of QoP (and other QoS aspects for that matter)

Agreed.

>I.e. a QoP can apply to a web service regardless of
>whether its wire format is SOAP or not. It seems to
>me that WS-Policy might just do that.

WS-Security uses WS-Policy to state security requirements independent of
the specific port type or the underlying transport. 

http://msdn.microsoft.com/ws/2002/12/ws-security-policy/

>But that is by-the-by. What I really want to know is this: what 
>are the respective responsibilities of the W3C WS description 
>WG and the OASIS WSS TC working group wrt QoP/QoS descriptions

The W3C Web Service Description (WSDL) Working Group (WG) charter is the
official answer.

http://www.w3.org/2002/01/ws-desc-charter

The current WSDL 1.2 draft allows annotations. Annotations could be
defined to indicate QoP or QoS, but my guess is that the WG will not
define them.

>and how will the pieces ever fit together?

I am not intimately familiar with the charter of the Oasis WSS TC, but
note that WS-I has played an integration role in the past.

http://www.ws-i.org/Profiles/Basic/2003-03/BasicProfile-1.0-BdAD.html

>Will a WSDL 1.2 specification tell us, for example, whether a
>secure SOAP message is required to access a service?

WS-PolicyAttachment defines a means to indicate within a WSDL 1.1
document that a service requires general policy (or security policy
specifically). I would be very surprised if similar mechanisms do not
exist for WSDL 1.2 by the time it is finalized.

http://msdn.microsoft.com/ws/2002/12/PolicyAttachment/

>What if the binding is not SOAP?

If bindings are allowed to have different message data and/or processing
models, then it will be difficult to define annotations that can be
generally applied to the different architectures.

Received on Thursday, 17 April 2003 14:00:50 UTC