RE: text/xml for SOAP is incorrect

The goal sounds entirely reasonable, but how will we draw a firm line to
avoid the slippery slope, because there will always be some peephole
advantage to putting one more bit of information into the MIME type?

Additionally, why is SOAP special?  If the goal is to have ignorant
intermediaries avoid touching messages they should not, suppose that
there is another subtype of XML doc that also should not be touched,
e.g. "application/xyzzy+xml".  Of course, no intermediary is yet
programmed to avoid messing with xyzzy subtype instances.  So, will they
act any better than if we just said "application/xml"?  That is, are we
solving the problem only for SOAP yet leaving the general problem
unadressed?

Another question, which may have been addressed in a message I
overlooked, but what if a SOAP message per the application/soap+xml
proposal were contained in a MIME multipart structure?  In this case,
the top-level MIME type would make no mention of SOAP (or would it?
How?)  If so, how would a processor of the message make the correct and
rapid messing-with or dispatching decisions?

Thanks in advance,
Andrew

-----Original Message-----
From: Mark Nottingham [mailto:mnot@mnot.net] 
Sent: Wednesday, September 19, 2001 12:13 PM
To: Andrew Layman
Cc: xml-dist-app@w3.org; dave@scripting.com
Subject: Re: text/xml for SOAP is incorrect




Ah, that's not it at all (well, at least from my standpoint). The
motivation isn't to enable *SOAP* intermediaries to identify messages
that they should touch, it's to avoid *HTTP* (and other
application-layer) intermediaries from messing with SOAP messages that
they shouldn't.

In other words, the concern is not to identify the message's type with
any granularity as a hint; it's to assure that the message isn't
confused with other XML content types, which some devices (for better or
worse) may make assumptions about. 

It may be helpful for us to consider typing (through content-type) and
hinting (through SA or Content-Features) separately; typing (being able
to recognize a SOAP message as such) is defensive, and IMHO should be
mandatory; hinting is application-specific, and is optional.


Cheers,



On Wed, Sep 19, 2001 at 10:55:39AM -0700, Andrew Layman wrote:
> But if intermediaries are going to distinguish SOAP from non-SOAP xml,

> would not some intermediaries need to further distinguish among 
> classes of SOAP messages?  Suppose that facilities are invented that 
> add digital signatures or encryption, for example.  Might not some 
> intermediaries desire to distinguish such secured SOAP messages from 
> other SOAP messages?  If so, do we end up with 
> "application/crypto+dsig+soap+xml"?
> This seems like a very slippery slope we are setting out on.
> 
> And, if we embark on names such as "application/crypto+dsig+soap+xml",
> then how do we designate which crypto spec is being referenced?  Which

> dsig spec?  This is contrary to the decentralized naming in URLs that 
> made the web grow so fast and successfully.
> 
> 
> -----Original Message-----
> From: Mark Nottingham [mailto:mnot@mnot.net]
> Sent: Wednesday, September 19, 2001 9:42 AM
> To: Jacek Kopecky
> Cc: christopher ferris; Henrik Frystyk Nielsen; christopher ferris;
> xml-dist-app@w3.org
> Subject: Re: text/xml for SOAP is incorrect
> 
> 
> 
> I think that's the intent of the '+xml' - to allow MIME processors 
> identify it as an XML format.
> 
> My concern is not so much dispatch - which is what the request-uri 
> should be used for, at any rate - but for identifying the messages as 
> being formatted to the SOAP conventions for those that will casually 
> handle them, such as intermediaries.
> 
> We've decided to run the HTTP binding on port 80, and to use HTTP 
> status codes to indicate SOAP semantics. SOAPAction is optional. If 
> SOAP 1.2 messages use application/xml, there is no easy way to 
> identify a message as SOAP. As a result, parts of the Web 
> infrastructure may treat SOAP messages as any old XML, performing 
> transforms, etc. Additionally, firewall vendors won't even have a 
> stop-gap means of controlling the flow of SOAP messages.
> 
> Is our intent to effectively hide the use of SOAP? Doing so seems to 
> risk both interoperability problems and the appearance that we're 
> antagonistic to firewalls, etc.
> 
> 
> 
> 
> On Wed, Sep 19, 2001 at 02:55:26PM +0200, Jacek Kopecky wrote:
> >  Chris,
> >  To explain my position: I am wary of application/soap and
> > application/soap+xml because it won't usually allow generic
processing
> 
> > as if it were XML. It's true that the usability of such generic
> > processing is debatable, but I don't immediately see the advantages
of
> 
> > application/soap...  either (when I strike out what I feel is misuse

> > -
> 
> > that would be the dispatching usecase).
> > 
> >                             Jacek Kopecky
> > 
> >                             Idoox
> >                             http://www.idoox.com/
> > 
> > 
> > P.S: 21st century started on Sep 11, 2001
> > 
> > 
> > 
> > On Wed, 19 Sep 2001, christopher ferris wrote:
> > 
> >  > Henrik,
> >  >
> >  > Certainly you agree that SOAP is it's own thing.
> >  > It just happens to also be XML. SOAP has its own process  > 
> > model. Why the resistance to a soap-specific  > media type? 
> > Certainly seems mostly harmless to me.  >
> >  > Cheers,
> >  >
> >  > Chris
> >  >
> >  > Henrik Frystyk Nielsen wrote:
> >  > >
> >  > > >Sure, why not? You can reflect the SOAP version in a MIME  > >

> > >"version" parameter on the Content-Type header. Dispatchers  > > 
> > >>can
> 
> > choose whether to use this (or not) as they see fit. A  > > >SOAP
> > processor can make the determination as to support of the  > > 
> > >namespace by inspecting the namespace and further dispatching  > >
> > >as needed (or loading the right modules, schema, whatever).  > >
> >  > > How is this different from regular XML processing to the degree
> that it
> >  > > requires a special content type?
> >  > >
> >  > > Henrik
> > 
> 
> --
> Mark Nottingham
> http://www.mnot.net/
>  
> 

-- 
Mark Nottingham
http://www.mnot.net/
 

Received on Wednesday, 19 September 2001 15:26:12 UTC