- From: FABLET Youenn <youenn.fablet@crf.canon.fr>
- Date: Tue, 06 Apr 2004 17:07:41 +0200
- To: www-ws-desc@w3.org
- Message-ID: <4072C7BD.1050600@crf.canon.fr>
I took an AI last thursday to write a few words about supporting HTTPS
within WSDL.
The basic idea was that by putting an https-schemed uri within the
location attribute of the endpoint, HTTPS use would be implied.
There is a nevertheless some drawbacks with this method. There are case
where stubs are generated with the interface+binding description. The
endpoint uri is not known at generation time but only at runtime. The
problem with the https-uri idea is that at generation time, we would not
know whether to add HTTPS support to the stub.
To generate a work-in-all-cases stub, we would need to add support for
both HTTP and HTTPS.
An alternative option is to add a piece of information at the binding
level telling whether HTTPS (or TLS maybe?) [is not | might be | is ]
used. With this bit of information (put for instance within the [wsoap |
http]:binding element), the generator would know exactly what to do...
Here are some words (based on R5001 words in BP1.1) explaining the basic
https-uri idea.
---
Words for the HTTP binding:
An HTTP endpoint can require the use of the HTTPS protocol. Its
description must meet the following constraint:
Its wsdl:endpoint MUST have a http:adress element whose location
attribute value is a uri whose scheme is "https"
---
Words for the SOAP/HTTP binding
A SOAP endpoint can require the use of the HTTPS protocol. Its
description must meet the following constraints:
a) Its wsdl:endpoint MUST have a wsoap:adress element whose location
attribute value is a uri whose scheme is "https"
b) Its wsdl:binding MUST have a wsoap:binding element whose protocol
attribute value is "http://www.w3.org/2003/05/soap/bindings/HTTP/"
---
Comments?
Youenn
Received on Tuesday, 6 April 2004 11:08:26 UTC