- From: David Hull <dmh@tibco.com>
- Date: Thu, 26 Oct 2006 09:58:43 -0400
- To: "xml-dist-app@w3.org" <xml-dist-app@w3.org>

I have an action to propose text explaining possible subtle interactions between the one-way MEP and, say, a SOAP security mechanism which encodes a message to a receiver with that receiver's public key, in other words, one which, given a single sent SOAP message, produces a different SOAP message for each recipient.

On further reflection, I'm not convinced that anything subtle is going on.

First, consider a scenario where security is handled outside SOAP. I believe that XMPP can provide such an example. In this case:

* The sender sends a plaintext SOAP message.
* The transport encrypts that message, producing a different message on the wire for each recipient.
* For each receiver, the transport decrypts that receiver's copy.
* Each receiver receives a plaintext SOAP message.

Clearly, this is an example of the one-way MEP, in which there happens to be more than one receiver.

Now consider a scenario where security is handled within SOAP.

* The sender sends a plaintext SOAP message to an intermediary.
* The intermediary encrypts that message, producing a different SOAP message for each recipient, which it then sends out.
* For each receiver, an intermediary receives an encrypted SOAP message and produces a plaintext SOAP message, which it sends to the receiver.
* Each receiver receives a plaintext SOAP message.

Clearly, this is an example of the one-way MEP, in which there happens to be more than one receiver. As it happens, it also involves several other examples of the one-way MEP, each with a single receiver.

The one-way MEP is playing a crucial role here. It provides a standard way to assert that each receiver receives the same plaintext message, whatever happens in the middle. Put another way, it provides a standard way to assert that the overall behavior of the two systems is the same. You can use the underlying transport's security if it's available. If it's not, or if you otherwise choose not to, you can handle security end-to-end using SOAP.

As far as I can tell, this is not a subtle interaction between security and the one-way MEP. It is simply layering.

Received on Thursday, 26 October 2006 13:58:58 UTC