Re: Complete WSS Review incl Noah's additions

I haven't picked through all the WSS stuff in detail, but I would guess 
that in any case where you would legitimately not want to worry about it, 
you could deal with the terminology in a few sentences. 

For example (this is not fine tuned, but I think it conveys the idea): 
"SOAP 1.1 was expressed in terms of XML 1.0 and made only general 
provisions for alternate network transports or for alternate 
representations of XML on the wire by the corresponding bindings.  SOAP 
1.2 makes such capabilities more explicit by modelling the XML Envelope as 
an Infoset, and explicitly granting license to bindings to use non-XML 1.x 
representations on the wire (e.g. compressed, encrypted, binary-optimized, 
etc.)  if desired.  Except in situations where the differences are 
important, this WSS specification makes no explicit distinction between 
the SOAP 1.1 and SOAP 1.2 formulations.  A reference to a <soap:header> 
element, for example, should be understood as referring to the 
corresponding Infoset Element Information Item when SOAP 1.2 is being 

If there are particular cases where the distinction is important, then you 
should of course deal with it explicitly so your users will know how to 
use WSS with SOAP 1.1 and SOAP 1.2 respectively.    For example, I do 
think it would be worth giving some thought to which layers of WSS will 
work with approaches such as MTOM, which use the power of the Infoset 
formulation to enable certain optimizations.

Speaking just for myself, I see no need for reference to Infoset to 
pervade the spec, unless you want it to.   I do think you should make the 
connection to the SOAP 1.2 formulation, perhaps in the manner suggested 

Noah Mendelsohn                              Voice: 1-617-693-4036
IBM Corporation                                Fax: 1-617-693-8676
One Rogers Street
Cambridge, MA 02142

Rich Salz <>
Sent by:
10/15/03 10:37 AM

        To:     Marc Hadley <Marc.Hadley@Sun.COM>
        cc:, (bcc: Noah Mendelsohn/Cambridge/IBM)
        Subject:        Re: Complete WSS Review incl Noah's additions

> *** SOAP 1.2 is XML Infoset based, SOAP bindings are required to 
> preserve SOAP message infosets when transferring messages. In order to 
> properly integrate with SOAP, the SOAP Message Security specifications 
> need to be recast in Infoset terms. This will require the specification 
> to normatively state the mapping from XML Infoset to the data object 
> (typically an XPath nodeset) used as input to the constituent 
> cryptographic operations (e.g. C14N).

Does the WG feel that it's worthwhile to adopt the terminology of SOAP 
1.2 yet not adopt its entire Infoset approach?  If so, I strongly 
suggest that you add something to that effect here.  It's good that this 
mentions the work that WS-Security would have to do.  I am fairly 
confident that they will reject this item, so you might want to consider 
ways of not forcing them to ignore all the 1.2-related items you raise.

> *** The specification should define the values of the 
> Fault/Reason/Text, Fault/Code/Value and Fault/Code/Subcode/Value EIIs.

Suggest you define EII, if only to remind WS-Security folks who have 
ignored the Infoset. ;)

Rich Salz, Chief Security Architect
DataPower Technology                 
XS40 XML Security Gateway
XML Security Overview

Received on Wednesday, 15 October 2003 10:54:46 UTC