- From: David Booth <dbooth@w3.org>
- Date: Tue, 23 Nov 2004 14:04:37 -0500
- To: www-ws-desc@w3.org
Regarding today's MEP task force discussion, here are my followup thoughts and further clarification of my position, since I don't think I was very successful in conveying it during the call. :( First, we all (on the TF call at least) agree that a service needs to be able to fault when (for whatever reason) it doesn't like the Reply-To message that the client has indicated. Second I agree with Amy that it is possible for the actual runtime messages to violate the MEP that is stated in the WSDL document. Furthermore, I also agree that there some cases in which the service can detect that such a violation has occurred. My concern is that I think it would be harmful for the service to *assume* that it knows more than the client about which endpoints the client has authorized, because doing so would inhibit many legitimate use cases in which the client adds a new physical address that is not yet known to the service. Thus, if the client specifies our current in-out MEP, but also indicates a Reply-To an unknown physical address, the mere fact that it specified that address in the Reply-To field should be considered prima facie evidence that that physical address *is* authorized to act on behalf of the client, and thus should not be considered a violation of the MEP. After all, that new address may well be a legitimate part of the client node even though the service doesn't yet know about it. In particular, WSDL 2.0 should not require the service to know, in advance, of all physical addresses that a client might use in redirecting a reply, because such a requirement would imply a tighter coupling between the client and the service than is needed or desirable in many cases. Certainly, we should *permit* a service to have an application policy that requires it to know all potential Reply-To addresses in advance. But I think that would be an application-level constraint. I don't think we need to put anything in the WSDL 2.0 language to specifically support that. The bottom line is that I suggest -- actually JMarsh made this suggestion on the call, but I didn't manage to minute it in the midst of our debate :) -- that the service be permitted to characterize the fault either as a violation of its policies about where replies are permitted to be redirected or as an MEP violation. How about letting the service characterize the fault in whatever way it sees fit? On Tue, 2004-11-23 at 13:02, David Booth wrote: > Minutes of MEP Task force 2004-11-23 are at > http://www.w3.org/2004/11/23-ws-desc-minutes.htm . . . . -- David Booth W3C Fellow / Hewlett-Packard
Received on Tuesday, 23 November 2004 19:04:46 UTC