- From: FABLET Youenn <youenn.fablet@crf.canon.fr>
- Date: Tue, 06 Apr 2004 17:07:41 +0200
- To: www-ws-desc@w3.org
- Message-ID: <4072C7BD.1050600@crf.canon.fr>
I took an AI last thursday to write a few words about supporting HTTPS within WSDL. The basic idea was that by putting an https-schemed uri within the location attribute of the endpoint, HTTPS use would be implied. There is a nevertheless some drawbacks with this method. There are case where stubs are generated with the interface+binding description. The endpoint uri is not known at generation time but only at runtime. The problem with the https-uri idea is that at generation time, we would not know whether to add HTTPS support to the stub. To generate a work-in-all-cases stub, we would need to add support for both HTTP and HTTPS. An alternative option is to add a piece of information at the binding level telling whether HTTPS (or TLS maybe?) [is not | might be | is ] used. With this bit of information (put for instance within the [wsoap | http]:binding element), the generator would know exactly what to do... Here are some words (based on R5001 words in BP1.1) explaining the basic https-uri idea. --- Words for the HTTP binding: An HTTP endpoint can require the use of the HTTPS protocol. Its description must meet the following constraint: Its wsdl:endpoint MUST have a http:adress element whose location attribute value is a uri whose scheme is "https" --- Words for the SOAP/HTTP binding A SOAP endpoint can require the use of the HTTPS protocol. Its description must meet the following constraints: a) Its wsdl:endpoint MUST have a wsoap:adress element whose location attribute value is a uri whose scheme is "https" b) Its wsdl:binding MUST have a wsoap:binding element whose protocol attribute value is "http://www.w3.org/2003/05/soap/bindings/HTTP/" --- Comments? Youenn
Received on Tuesday, 6 April 2004 11:08:26 UTC