Re: Henrik's media type comments from Mark Nottingham on 2002-06-20 (xml-dist-app@w3.org from June 2002)

From: Mark Nottingham <mnot@mnot.net>
Date: Thu, 20 Jun 2002 10:15:46 -0700
To: "Henrik Frystyk Nielsen" <henrikn@microsoft.com>, "Mark Baker" <distobj@acm.org>, <xml-dist-app@w3.org>
Message-ID: <01cb01c21884$938609e0$01000001@MNOTLAPTOP>

> I agree with this direction but I think it may be better to put these
> considerations in places where SOAP is actually bound to underlying
> protocols, preferably in the security considerations of those bindings.
> Given that the media type doesn't really talk about the application
> semantics, it makes it hard to relate to without a lot of background
> knowledge.

I concur with Henrik here; that section has always struck me as sticking
out, and potentially confusing.


> >> The presence and content of the SOAPAction header field MAY be used
by
> >> servers such as firewalls to appropriately filter SOAP HTTP request
> >> messages and it may be used by servers to facilitate dispatching of
SOAP
> >> messages to internal message handlers etc. It SHOULD NOT be used as
an
> >> insecure form of access authorization."

I haven't kept current with the twisted state of SOAPAction, but I can't
find reference to it in Adjuncts (except an indirect reference to
"parameters" in the media type registration), and the change notes
indicate it's been removed to the I-D. There seems to be a missing link
here; does SOAPAction need to be exposed as a property?


> * Shouldn't there be normal IETF header/footer stuff with page number
> etc.?
>
> * A ToC would also be nice
>
> * I think normally the expiration time is stated in the left-upper
> corner as part of the front page header rather than in the status
> section.

Mark - I thought you were using xml2rfc to generate these?


> * I would consider deleting the last sentence in the first paragraph in
> section 1. I think it is going a bit too deep and I think the second
> paragraph follows more naturally without that sentence.

Agreed.


Mark, if you still wish to share the blame for this with me, please use
the following details -

<author initials="M." surname="Nottingham" fullname="Mark Nottingham">
  <organization>BEA Systems</organization>
  <address>
    <postal>
      <street>Level 15, 235 Montgomery Street</street>
      <city>San Francisco</city>
      <region>CA</region>
      <code>94104</code>
      <country>US</country>
    </postal>
    <email>mnot@pobox.com</email>
    <uri>http://www.mnot.net/</uri>
  </address>
</author>

Received on Thursday, 20 June 2002 14:02:03 UTC