Re: Minutes of MEP Task Force 2004-11-23

Regarding today's MEP task force discussion, here are my followup
thoughts and further clarification of my position, since I don't think I
was very successful in conveying it during the call. :(

First, we all (on the TF call at least) agree that a service needs to be
able to fault when (for whatever reason) it doesn't like the Reply-To
message that the client has indicated.

Second, I agree with Amy that it is possible for the actual runtime
messages to violate the MEP that is stated in the WSDL document.
Furthermore, I also agree that there are some cases in which the service can
detect that such a violation has occurred.

My concern is that I think it would be harmful for the service to
*assume* that it knows more than the client about which endpoints the
client has authorized, because doing so would inhibit many legitimate
use cases in which the client adds a new physical address that is not
yet known to the service.  Thus, if the client specifies our current
in-out MEP, but also indicates a Reply-To an unknown physical address,
the mere fact that it specified that address in the Reply-To field
should be considered prima facie evidence that that physical address
*is* authorized to act on behalf of the client, and thus should not be
considered a violation of the MEP.   After all, that new address may
well be a legitimate part of the client node even though the service
doesn't yet know about it.

In particular, WSDL 2.0 should not require the service to know, in
advance, of all physical addresses that a client might use in
redirecting a reply, because such a requirement would imply a tighter
coupling between the client and the service than is needed or desirable
in many cases.  Certainly, we should *permit* a service to have an
application policy that requires it to know all potential Reply-To
addresses in advance.  But I think that would be an application-level
constraint.  I don't think we need to put anything in the WSDL 2.0
language to specifically support that.

The bottom line is that I suggest -- actually JMarsh made this
suggestion on the call, but I didn't manage to minute it in the midst of
our debate :) -- that the service be permitted to characterize the fault
either as a violation of its policies about where replies are permitted
to be redirected or as an MEP violation.  How about letting the service
characterize the fault in whatever way it sees fit?  


On Tue, 2004-11-23 at 13:02, David Booth wrote:
> Minutes of MEP Task force 2004-11-23 are at
> http://www.w3.org/2004/11/23-ws-desc-minutes.htm
. . . .
-- 

David Booth
W3C Fellow / Hewlett-Packard

Received on Tuesday, 23 November 2004 19:04:46 UTC