- From: Christopher B Ferris <chrisfer@us.ibm.com>
- Date: Thu, 15 May 2003 17:22:39 -0400
- To: "Martin Gudgin" <mgudgin@microsoft.com>
- Cc: "Rich Salz" <rsalz@datapower.com>, xml-dist-app@w3.org
Gudge, I thought Rich's question was a little more subtle than that (which is why I didn't address the first part:) He asked: >>In other words, if there are no headers, are message processors allowed >>to insert/delete an empty Header element? I believe the answer is yes, >>as I can't find text that says otherwise. I took this to be asking a question related to processing a SOAP message (e.g. an intermediary). e.g. If I receive: <S:Envelope> <S:Header><tns:foo role="me"/></S:Header> <S:Body> ... </S:Body> </S:Envelope> and process the tns:foo header, can I serialize the message as: either: <S:Envelope> <S:Header></S:Header> <S:Body> ... </S:Body> </S:Envelope> or <S:Envelope> <S:Body> ... </S:Body> </S:Envelope> ? I might have expected the answer to be: yes, either is permitted as the messages are equivalent and both are valid (as you rightly point out). However, suppose I had a digital signature in the Body that signed over the message and simply excluded the tns:foo header. If I remove the S:Header element, I break the signature. Of course, maybe this is a bad idea, but ... The SOAP process model (last time I looked) said nothing about removing the S:Header, only about removing header blocks after they are processed by the node. I think that this is what Rich was asking. Of course, I could be mis-reading Rich's question too:) Cheers, Christopher Ferris Architect, Emerging e-business Industry Architecture email: chrisfer@us.ibm.com phone: +1 508 234 3624 "Martin Gudgin" <mgudgin@microsoft.com> wrote on 05/15/2003 04:56:29 PM: > Rich, > > [1] says that the Header element is optional. > [2] says that it can be empty. > > So, you're fine missing the Header element out, or putting it in but leaving it empty. > > Gudge > > [1] http://www.w3.org/TR/soap12-part1/#soapenvelope > [2] http://www.w3.org/TR/soap12-part1/#soaphead > > > > > > ________________________________ > > From: xml-dist-app-request@w3.org on behalf of Rich Salz > Sent: Thu 15/05/2003 19:50 > To: Christopher B Ferris > Cc: xml-dist-app@w3.org > Subject: Re: Content-free Header and Body elements > > > > > > I won't presume to answer the first part, however per section 5.1 [1], a > > SOAP Envelope > > must have a soap:Body element information item, although that EII may be > > empty. > > Thanks. I *thought* so, I just missed it while skimming the spec. > Perhaps it's time for *me* to get new specs. :) > > The more interesting one is the header element; looking forward to > answers there. > /r$ > > > > > Hence, > > > > > >> <S:Envelope> > >> <S:Header><tns:foo/></S:Header> > >> </S:Envelope> > >>and > >> <S:Envelope> > >> </S:Envelope> > > > > > > are both invalid SOAP messages. > > > > [1] http://www.w3.org/TR/soap12-part1/#soapenv > > > > Cheers, > > > > Christopher Ferris > > Architect, Emerging e-business Industry Architecture > > email: chrisfer@us.ibm.com > > phone: +1 508 234 3624 > > > > xml-dist-app-request@w3.org wrote on 05/15/2003 02:16:20 PM: > > > > > >>Are the following messages semantically equivalent (namespace > >>declarations omitted for brevity)? > >> <S:Envelope> > >> <S:Header></S:Header> > >> <S:Body><tns:foo/></S:Body> > >> </S:Envelope> > >>and > >> <S:Envelope> > >> <S:Body><tns:foo/></S:Body> > >> </S:Envelope> > >> > >>In other words, if there are no headers, are message processors allowed > >>to insert/delete an empty Header element? I believe the answer is yes, > >>as I can't find text that says otherwise. > >> > >>And what if there are no EII's for the Body, can that be omitted? > >> <S:Envelope> > >> <S:Header><tns:foo/></S:Header> > >> </S:Envelope> > >>and > >> <S:Envelope> > >> </S:Envelope> > >> > >>This has implications for message normalization and the ability to sign > >>SOAP messages. > >> /r$ > >>-- > >>Rich Salz, Chief Security Architect > >>DataPower Technology http://www.datapower.com > >>XS40 XML Security Gateway http://www.datapower.com/products/xs40.html > >> > > > > > > > -- > Rich Salz, Chief Security Architect > DataPower Technology http://www.datapower.com > XS40 XML Security Gateway http://www.datapower.com/products/xs40.html > > >
Received on Thursday, 15 May 2003 17:23:50 UTC