HTTPS support proposal

I took an AI last thursday to write a few words about supporting HTTPS 
within WSDL.
The basic idea was that by putting an https-schemed uri within the 
location attribute of the endpoint, HTTPS use would be implied.

There is a nevertheless some drawbacks with this method. There are case 
where stubs are generated with the interface+binding description. The 
endpoint uri is not known at generation time but only at runtime. The 
problem with the https-uri idea is that at generation time, we would not 
know whether to add HTTPS support to the stub.
To generate a work-in-all-cases stub, we would need to add support for 
both HTTP and HTTPS.
An alternative option is to add  a piece of information at the binding 
level telling whether HTTPS (or TLS maybe?) [is not | might be | is ] 
used. With this bit of information (put for instance within the [wsoap | 
http]:binding element), the generator would know exactly what to do...

Here are some words (based on R5001 words in BP1.1) explaining the basic 
https-uri idea.
---
Words for the HTTP binding:
An HTTP endpoint can require the use of the HTTPS protocol. Its 
description must meet the following constraint:
    Its wsdl:endpoint MUST have a http:adress element whose location 
attribute value is a uri whose scheme is "https"
---
Words for the SOAP/HTTP binding
A SOAP endpoint can require the use of the HTTPS protocol. Its 
description must meet the following constraints:
    a) Its wsdl:endpoint MUST have a wsoap:adress element whose location 
attribute value is a uri whose scheme is "https"
    b) Its wsdl:binding MUST have a wsoap:binding element whose protocol 
attribute value is "http://www.w3.org/2003/05/soap/bindings/HTTP/"
---
Comments?
    Youenn

Received on Tuesday, 6 April 2004 11:08:26 UTC