- From: <Yassir.Elley@Sun.COM>
- Date: Wed, 8 May 2002 12:37:55 -0400 (EDT)
- To: Frederick Hirsch <hirsch@fjhirsch.com>
- Cc: www-xkms@w3.org
Firstly, for the sake of clarity, my understanding is that SOAP 1.1 was submitted to the XML Protocol WG, which is working on SOAP 1.2. Therefore, the term "XML Protocol" is interchangeable with "SOAP 1.2". It is not interchangeable with the term "SOAP 1.1". Therefore, phrases like "XML Protocol, including both SOAP 1.1 and 1.2" and "XML Protocol as defined in SOAP 1.1" don't really make sense because XML Protocol does not include SOAP 1.1 nor is it defined in SOAP 1.1. If my understanding is incorrect, please correct me. Secondly, I believe neither the current wording in the requirements document nor the proposed wording below reflect the consensus achieved at the F2F meeting. Specifically, we don't want to say "Every XKMS service MUST implement SOAP 1.1", since it is potentially encumbered. I am fairly flexibly on the rest of the wording. According to the minutes: "Resolution: Target 1.2 for normative purposes. Add requirement in the bindings section: Services must implement SOAP 1.2, and may have other bindings. E.g., constrained devices, etc. May also provide 1.1 interop or profiling (different namespaces, etc)." Because of the potential IPR issues with SOAP 1.1, and because the XKMS WG is chartered as Royalty Free, we had decided that we would make SOAP 1.2 mandatory to implement and would not require implementation of SOAP 1.1 at all. We had also decided that, for the sake of interoperability, we would specify a SOAP 1.1 binding, but would not require implementation of it. With regard to the schedule issues, I believe it was mentioned at the meeting that SOAP 1.2 is nearing Last Call. Since the XKMS spec is not nearing Last Call, it is probably safe to say "every XKMS service MUST implement SOAP 1.2." Clearly, that is our intent, modulo scheduling issues. With regard to "revisiting the question of whether implementors must support SOAP 1.2 should that specification reach CR status prior to the XKMS WG completing our work," I'm not sure how that works with respect to a Requirements Document that uses the word MUST. In other words, if our Requirements Document states that "Every XKMS service MUST implement SOAP 1.1" and that Requirements Document progresses to CR, can we later decide to ignore that requirement in the spec? Can we still claim conformance with the Requirements? One way around this may be to use "SHOULD" or "MAY" instead of "MUST". Revised proposed wording (taken basically from the minutes): a) The specification MUST provide a binding to SOAP 1.2 and (MAY/SHOULD?) provide a binding to SOAP 1.1 (for interoperability purposes). b) Every XKMS service MUST implement SOAP 1.2 when standardized. If this wording is not acceptable to anyone, please propose alternate wording. As I said, I'm pretty flexible on the wording with the exception of "Every XKMS service MUST implement SOAP 1.1.", which should not be implied. Regards, Yassir. >is this the idea: > >a. The specification MUST provide a binding to XML Protocol, including >both SOAP 1.1 and 1.2. > >b. Every XKMS service MUST implement XML Protocol as defined in SOAP 1.1 >and SHOULD implement SOAP 1.2 when standardised." > >Blair Dillaway wrote: >> I support adding a SOAP 1.2 binding to the spec given that it appears to >> further along in the W3C process than the XKMS spec. However, since the >> SOAP 1.2 spec has not yet reached last call status, much less candidate >> recommendation status, I believe it is premature to include language >> along the lines of "Every XKMS service MUST implement XML Protocol (SOAP >> 1.2)". >> >> The only firm specification is SOAP 1.1 and it is the only SOAP >> specification for which there are multiple deployed implementations. >> So, I believe we must continue specifying a SOAP 1.1 binding and this >> binding is the only one we can presently require for implementors. >> >> I'm open to revisiting the question of whether implementors must support >> SOAP 1.2 should that specification reach CR status prior to the XKMS WG >> completing our work. >> >> Blair >> >> -----Original Message----- >> From: Frederick Hirsch [mailto:hirsch@fjhirsch.com] >> Sent: Tuesday, May 07, 2002 4:47 PM >> To: Yassir Elley >> Cc: Shivaram Mysore; www-xkms@w3.org >> Subject: Re: Requirements & F2F minutes update >> >> >> I thought we decided that 1.2 was required but that 1.1 was as well due >> to the need to interoperate with existing implementations. I heard us >> say that the impact of requiring both would be minimal. >> >> If we change the requirements to only require 1.2 shall we also add the >> wording that "servers SHOULD also support 1.1"? >> >> Thanks for the additional comments >> >> < Frederick >> >> Frederick Hirsch >> >> Yassir Elley wrote: >> >>>Frederick and Mike have done a great job with the Requirements >>>document. Thanks! >>> >>>I do have a few comments on the May 2002 Draft. >>> >>>2.1.4 >>>We agreed at the meeting that the normative reference will be to SOAP >>>1.2, not SOAP 1.1. Suggested wording: "The specification MUST provide >>>a binding to XML Protocol (SOAP 1.2) [<link to XML >>>Protocol>] [List(Blair Dillaway, Yassir Elley)]. The XKMSspecification >> >> >>>Protocol>is required to >>>profile XML Protocol for interoperability, including use of document >>>literal including." >>> >>>2.1.5 >>>We agreed at the meeting that the normative reference will be to SOAP >>>1.2, not SOAP 1.1. Suggested wording: "Every XKMS service MUST >>>implement XML Protocol (SOAP 1.2)" >>> >>>2.2.4 >>>A space is needed between or and payload. Suggested wording: "..., >>>either transport security or payload protection." >>> >>>2.4.11 >>>I think the words "Protocol schedule" are missing here. Suggested >>>wording: "... XML Protocol bindings may be published as a separate >>>document from the specification to avoid dependencies on the XML >>>Protocol schedule. ..." >>> >>>2.5.4 >>>I am not sure the term "PKIX" is relevant here. "X.509" is probably >>>adequate. Also, XML DSIG refers to it as X509Certificate, not >>>X509Cert. Suggested wording: "The X509Certificate KeyInfo format MUST >>>be supported by a trust server if the service claims interoperability >>>with X.509." >>> >>>Also, neither X509Chain nor OCSP are defined in the XML Signature >>>spec. Suggested wording: "X509Chain and OCSP MUST be defined in the >>>XKMS specifications." and probably remove the following sentence, or >>>change it to "X509CRL is defined in the XML Signature recommendation." >>> >>>3 Out of Scope >>>Please add my name as the source for item 18. i.e. add "[List (Yassir >>>Elley)]" >>> >>>-Yassir. >>> >>>Shivaram Mysore wrote: >>> >>> >>> >>>>All, >>>> >>>>The Minutes [1] for F2F meeting held on 23 April have been uploaded on >>> >> >>>>to the site. Please send in your comments/corrections to the list. >>>>Also please take a look at your AI and send resolutions to the list. >>>> >>>>Thanks to Merlin Hughes and Glenn Fink for the excellent notes. >>>> >>>>Also, the new version of Requirements [2] have been uploaded to the >>>>website. Please send in your comments to the list. Thanks to >>>>Frederick Hirsch and Mike Just for the excellent work. >>>> >>>>[1] >>>>http://www.w3.org/2001/XKMS/Minutes/20020423-f2f2-draft-minutes.html >>>>[2] http://www.w3.org/2001/XKMS/Drafts/xkms-req.html >>>> >>>>/Shivaram >>>>______________________________________________________________________ >>>>_________ >>>>Shivaram H. Mysore <shivaram.mysore@sun.com> >>>> >>>>Software Engineer Co-Chair, W3C's XKMS >>> >> WG >> >>>>Java Card Engineering >>> >> http://www.w3.org/2001/XKMS >> >>>>JavaSoft, Sun Microsystems Inc. >>>> >>>>Direct: (408)276-7524 >>>>Fax: (408)276-7608 >>>> >>>>http://java.sun.com/people/shivaram (Internal: http://mysore.sfbay/) >>>>______________________________________________________________________ >>>>_________ >>> >>> >>> >> >> >> > > >
Received on Wednesday, 8 May 2002 12:38:57 UTC