- From: Yalcinalp, Umit <umit.yalcinalp@sap.com>
- Date: Tue, 23 Nov 2004 21:31:05 +0100
- To: "'David Booth'" <dbooth@w3.org>, www-ws-desc@w3.org
>-----Original Message----- >From: www-ws-desc-request@w3.org [mailto:www-ws-desc-request@w3.org] >Sent: Tuesday, Nov 23, 2004 11:05 AM >To: www-ws-desc@w3.org >Subject: Re: Minutes of MEP Task Force 2004-11-23 > > > >Regarding today's MEP task force discussion, here are my followup >thoughts and further clarification of my position, since I >don't think I >was very successful in conveying it during the call. :( > >First, we all (on the TF call at least) agree that a service >needs to be >able to fault when (for whatever reason) it doesn't like the Reply-To >message that the client has indicated. Big +1 on this idea. :-) I think this will cover a lot of cases I had been concerned about wrt the usage of Reply-To. > >Second I agree with Amy that it is possible for the actual runtime >messages to violate the MEP that is stated in the WSDL document. >Furthermore, I also agree that there some cases in which the >service can >detect that such a violation has occurred. > >My concern is that I think it would be harmful for the service to >*assume* that it knows more than the client about which endpoints the >client has authorized, because doing so would inhibit many legitimate >use cases in which the client adds a new physical address that is not >yet known to the service. Thus, if the client specifies our current >in-out MEP, but also indicates a Reply-To an unknown physical address, >the mere fact that it specified that address in the Reply-To field >should be considered prima facie evidence that that physical address >*is* authorized to act on behalf of the client, and thus should not be >considered a violation of the MEP. After all, that new address may >well be a legitimate part of the client node even though the service >doesn't yet know about it. > >In particular, WSDL 2.0 should not require the service to know, in >advance, of all physical addresses that a client might use in >redirecting a reply, because such a requirement would imply a tighter >coupling between the client and the service than is needed or desirable >in many cases. Certainly, we should *permit* a service to have an >application policy that requires it to know all potential Reply-To >addresses in advance. But I think that would be an application-level >constraint. I don't think we need to put anything in the WSDL 2.0 >language to specifically support that. > >The bottom line is that I suggest -- actually JMarsh made this >suggestion on the call, but I didn't manage to minute it in >the midst of >our debate :) -- that the service be permitted to characterize >the fault >either as a violation of its policies about where replies are permitted >to be redirected or as an MEP violation. How about letting the service >characterize the fault in whatever way it sees fit? +1 on this as well. > > >On Tue, 2004-11-23 at 13:02, David Booth wrote: >> Minutes of MEP Task force 2004-11-23 are at >> http://www.w3.org/2004/11/23-ws-desc-minutes.htm >. . . . >-- > >David Booth >W3C Fellow / Hewlett-Packard > > >
Received on Tuesday, 23 November 2004 20:31:58 UTC