OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-iic-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [ebxml-iic-msg] RE: [ebxml-iic] "Final" resend of level 1 requirements

Title: RE: [ebxml-iic] "Final" resend of level 1 requirements

Mike:

Thanks for quick iteration.
Here is another review on it, and comments on your comments...
I believe we make progress in getting to a Test Req format that is
more specific than the spec in terms of what the test content will actually be,
and yet is abstract enough so its does not depend on a particular test
procedure/framework.

Cheers,

jacques


-----Original Message-----
From: Michael Kass [mailto:michael.kass@nist.gov]
Sent: Wednesday, June 19, 2002 11:37 AM
To: ebxml-iic@lists.oasis-open.org
Cc: michael.kass@nist.gov
Subject: [ebxml-iic] "Final" resend of level 1 requirements



Finally figured out mail problems. I apologize for
the bad attachments. Here is the level 1 requirements.

Mike

  

My comments tagged: [Jacques]
---------------------------

NOTE1: it is useful to specify, for each test item, the context of its verification:
Should it be verified: 
(1) for messages received by the candidate MSH? 
(2) for messages generated  by the candidate MSH?
(3) on the callback from application interface (e.g. some errors)?
So I'll add this info for each test item.

[Jacques]: one way to do that, is to use the "Condition" part of the tset req, 
which states what are the pre-conditions required for applying this test
(more on that below)
So for example, we could now have in a COndition part that was empty before: 
"for each generated message" , in case the test applies to generated messages.
Or, we could have "for each received message", in case it applies to received
messages. 
And if Condition used to contain a cond "C1", then well have:
"for each received message that satisfies C1", etc.
What do you think?

....


r1.1.2:(generated M)
can we detail a little more what that means?

[MIKE] - I believe that the following excerpt from the SOAP With Attachmentts 
specification provides  the requirements for validating SOAP MIME headers:

The primary SOAP 1.1 message must be carried in the root body part of the 
Multipart/Related structure. The type parameter of the Multipart/Related 
media header will always equal text/xml. 
Referenced MIME parts must contain either a Content-ID MIME header structured 
in accordance with RFC 2045, or a Content-Location MIME header structured 
in accordance with RFC 2557. 
It is strongly recommended that the root part contain a Content-ID MIME 
header structured in accordance with RFC 2045, and that in addition to 
the required parameters for the Multipart/Related media type, the start 
parameter (optional in RFC 2387) always be present.

I added 4 conditions against the above.

[Jacques]: That is definitely more precise than before.
a bit of editorial job still needed I think: i am still uncomfortable with the
way we use condition/assertion, although we improved a lot:
even though the distinction Condition / Assertion is not much important 
from a test execution viewpoint, I believe we could/should use it with the 
following meaning:

o it should help readers understand *in which case* the core of the 
test requirement applies, i.e. if the COndition is not satisfied, 
then we cannot say that the test req has been actually verified: 
just that no matching situation occurred.

o In case we cannot drive the test harness so that it generates such a situation
that satisfies the "Condition" part of a test req, that means we cannot guarantee
coverage of this test req (coverage = null). In case we can only generate
a subset of the situations, coverage is "partial".

[Jacques]: so to get back to our test req item:
- in r1.1.2, I think the interpretation should be:
[Condition]:"IF the message is multipart MIME (or in any case is NOT a pure SOAP msge) 
[assertion]: THEN it should satisfy SwA requirements"
- So the COndition part (which maybe should be renamed "Pre-condition" to avoid
ambiguity) tells that this test verification only applies to multipart messages
(because straight SOAP messages are allowed when no payload...).
- So the test req item could be:
[precondition]: for each generated message, if is multipart MIME, OR is not 
enveloped like a pure SOAP ("text/xml")
[assertion]: the message must then be SwA compliant, which means: 
(...all you listed  previously in "Condition")
- if all you listed in Condition part is enough to capture SwA, we don't need 
to restate what you had before in previous Assertion (as it is just a recap of SwA).
- We might have to revisit the content of [Pre]condition/Assertion
throughout the other test reqs (I'll try for some). 

r1,1,5: (generated M)
[Jacques]:
A way to state that in a "testable" way is:
[precondition]: In case the mesage is NOT a multipart MIME
[assertion]: it must have no payload.
(Note 1: only "partial" testing can be done here, as we can't force an MSH to
satisfy the pre-condition: we have no control on it.)
(Note 2: this is also a "double test": according to spec 2.1.2, we should check 
for Received M as well:
[precondition]: For each received message, if it is NOT a multipart and is
a well-formed SOAP message without payload,
[assertion]: The MSH should accept it.)

[Jacques]:
r1.1.9: 
- The way this test req is stated is not wrong, but too restrictive:
it does not cover cases where there are SOME payload elts that are identified 
in Manifest, but SOME are not... (in fact, that is stated in r1.1.10,
but I believe r1.1.9 is actually completely subsumed by r1.1.10 as stated,
i.e. if 10 is satisfied, then 9 always is...)
It needs be rephrased:
[precondition]: for each generated Message M, if M has some payload containers 
[assertion]: each container content must be identified in Manifest.
- we should state "for generated Message" (generated M)
I really believe we should always add this "context", either as a new column,
or as part of the "precondition" ("generated Message M has no payload
identified in Manifest.) 
- now, that sums-up previous r1.1.9 and r1.1.10. But another point in 2.1.4 is:
"If there is no application payload within the Message Package then a Payload Container MUST NOT be present."
So here, I think we need to check that if there are payload containers, then they are not empty.


r1.1.7:  (received M)
The "charset = UTF-x" MIME parameter can still - and should - be verified?

[MIKE] - Designated test coverage as "partial".... will only veritfy that 
UTF-X is the value supplied for the MIME content-type

r.1.1.11:(received M)
Partial check can be done? (by falsification of a message: we put all possible
other MIME headers in, and just see that the message is well received.)

[MIKE] - Fair enough.  Designated test coverage as "partial", based on the assumption
that we will be putting in every possible MIME header.

[Jacques]:
We should interpret a little more what "ignore" means (spec 2.1.5) from a tset req viewpoint:
I would say it means no error with code "Error" is generated, and behavior is same
as if feature wasn't there. 


r1.1.25: (received M)
The rejection must be in "accordance with SOAP", I believe there should be a SOAP Error,
that should then translate into an MSH error. So by falsification, we should be
able to partially check this (i.e. just for one instance of a non-recognizable header.)

[MIKE] - Agreed.


r1.2.1: (generated M)
Actual test is that the "From" and the "To" are present. (identifying the 
party can't be verified)

[MIKE] - Agreed. Since we are now only checking if "From" and "To" are present, 
I removed this requirement because schema validation ( done for every message 
generated by the candidate ) 
will always verify whether both  "From" and "To" are present.

r1.2.3: (generated M)
As worded, I believe we have no way to verify that... however other validation can be done:
(uniqueness of type attr value, position of "role" element if any)

[MIKE] - Agreed. Substituted partyId attribute "uniqueness" requirement
for this requirement.


r1.2.5:  (received M)
Note: this is the kind of test that can be "doubled", i.e. verified for both received
and generated messages. In that case, we should make it two test req items:
For rceived M: stated as you said (we SHOULD observe an error message)
For generated M: 
(generated M) either the PartyId type attr is present, or if it is not, its value MUST be URI.

[MIKE] - "Doubled" this requirement into a "send" and "receive" scenario.

r1.2.7:  (received M)
Is the spec ref wrong (3.2.1)? it seems to refer to XLinks in my version.
Anyway the scope of that test seems too broad - too high level - normally should be split in several
test items. Can we ignore it and rely on more specific discrepancy checks as they 
show up later in the spec? 

[MIKE] - Agreed. Removed this requirement. CPPA/message discrepency tests will have to
be done on a lower-level, individual basis.

r1.2.9: (generated M)
Only partial verification possible: this requirement actually involves the application 
behavior: this is a usage guideline for the app... if the app does not set the conv id right, 
no way can check that: could be another conversation. We may just verify that the conv id
set by our test service is well reported in the msg?
We should also add a falsification test (generated M, here) for uniqueness of convID 
within a CPAid, where the app (our test service) on top of candidate MSH try to send two messages 
with different convID but same CPAid. Normally, the candidate MSH should complain - report
error to the app.

[MIKE] - If tests are performed serially, then it would seem that this 
type of a test could be done.  You assume that other messages will be 
sent simultaneously while testing is taking place.  Why not require that 
this test suite be run standalone against candidate ebXML MS implementations?
For now, I am following your recommendation and changing the test coverage to "partial"

[Jacques]: no, even for a "standalone" conversation: I mean that convID may change under
the control of an application, from one message to the other,
and we are not authorized to see anything wrong in this... This is an application
behavior. Unless we refer to the CPAId: the uniqueness of convID within
the same CPAId: 
[precondition]:  for generated messages , if several of them relate to same CPAId
[assertion]: these messages should all have same conversation ID. 
So again this depends on tha app side: can't cover that fully in a testbed. 
But if we assume an Error must be generated
if that is not the case, then we can cover the following test req: 
[precondition]:  for generated messages , if two of them relate to same CPAId 
but have different conv ID:
[assertion]: the MSH should generate an error. 
(and the test could be doubled with a "Received" version.)

r1.2.10: (generated M)
Remind in test description that this is about the Service element.
And also, this is a "double" test item:
(generated M): "condition C must be satisfied."
(received M): "if condition C is not satisfied, an error should/must be generated."


[MIKE] - Done.

r1.2.11:  (received M)
probably partial verification: we can only verify for some particular case of bad message
we generate (falsification).

[MIKE] - Done.

r1.2.14: (generated M)
Only partial verification possible: it depends on the application to set the RefToMsgId properly.
So we can simulate some unauthorized case, (but that is r1.2.15) by initiating a new conversation 
with our test service, that sets RefToMsgId (should not), and see an error. 
(yet, nothing is said about Error generated.
Is there an implicit assumption throughout the spec that failed reqs generate errors?)


[MIKE] - The spec is unclear as to what type of Error message is generated if the 
condition is not met ( because the previous message never existed, for example ).  
I do not find any "implied" assumption that all failed requests generate an error.  
This should be brought to the attention of the MS spec team as an item to be clarified. 
 For now, I would mark this test coverage as "none", since we cannot write a test for 
this requirement.

[Jacques]: I propose that, when the spec states MUST or SHALL, and does not specify 
what happens when that is not satisfied, that we interpret this as a RECOMMENDATION
for an Error generation. 
This should be the case for r1.2.9.


r1.2.18:  (received M)
The error msg should be returned to the "From" party.
Other test items should be derived from (3.1.6.4) , like TimeToLive if present should have 
valid UTC value (and not local time...)

[MIKE] - Correction made.. and an additional derived requirement for UTC created

r1.2.19:  (received M)
Even though this req is in "MS Core features", it really relates to Reliable Messaging
(MS additional features). We should handle this in Level 2.


[MIKE] - This requirement, along with r1.2.20 were both moved to level 2 requirements

r1.2.20:  (generated M)
(An example of the way r1.2.7 should be split into sub-items.)
Yet another "double" test, if in case we send a "bad" message: should there be an error?

[MIKE] - Moved to level 2 ( reliable messaging ), also "doubled" the requirement


r1.2.24:  (received M)
Yet another double test: we should also add the (generated M) version of this test req item:
For any generated messages from the MSH: "either the xlink:href does NOT contain a cid URI, or 
if it does, a MIME part with content-id must be present in payload container."


[MIKE] -  Done

r1.4.5:  (generated M)
I believe we can test that if no error are reported in a message sent by MSH, then 
the ErrorList elt must not be present.


[MIKE] - Done

r1.4.6:    (generated M)
Only partial check, as it may be hard to observe this from candidate MSH: we would need to 
make it generate such a message with several error elements.


[MIKE] - Done

r1.4.9:  (generated M)
reword as: the Error code must be valid. (we can't check more...)


[MIKE] - This is done in requirement r1.4.13... so this requirement will be removed.

r1.4.12:  (generated M)
I believe we can at least check the XPointer well-formedness, and in case of payload-related
error, this is not app-specific (all these errors are MSH level): 
we can send a message with a bad payload *container*.
so that we can check if the error generated is OK.


[MIKE] - Done.

r1.4.18:  (generated M)
I believe its very hard to test that, as it is the case where an error message is bundled
with a business message response. Some MSH may simply not support this feature.
We may not have any control on that from our test service. So I would say no coverage.


[MIKE] - Done.

r1.5.1:  (generated M)
We can test if we got the business response (generated by our test service)
as an HTTP response to the previous sending... so I would say coverage is OK 
(req level: RECOMMENDED, as SHOULD is the same).

[MIKE] - Done.

Note: spec 4.3.1 also report yet another case of CPA discrepancy that is not allowed:
SyncReplyMode. Should be in a separate test req item.

[MIKE] - Added this requirement, actually "doubled" it for generated and received

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC