OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

provision message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: WS-CAF and the "Session Context Token"

As part of a discussion that began with message:
 
http://www.oasis-open.org/apps/org/workgroup/provision/email/archives/200506/msg00065.html
 
I had taken an action to investigate the proposed work in the WS-CAF TC to see this effort would meet these requirements.
 
The WS-CAF involves the development of a family of specifications that " define a generic and open framework for applications that contain multiple services used in combination (composite applications)." Three specifications are planned: WS-Context, WS-Coordination and a third to be named later.
 
The WS-Context specification is of particular interest. It provides "a definition, a structuring mechanism, and service definitions for organizing and sharing context across multiple execution endpoints." Context may include a range of information but always include

"A mandatory wsctx:contextIdentifierType called wsctx:context-identifier. This identifier can be thought of as a “correlation” identifier or a value that is used to indicate that a Web service is part of the same activity. The wsctx:contextIdentifierType is a URI with an optional wsu:Id attribute. It MUST be unique."
 
While the specification is pretty general, it also states that "where messages (either application messages, or WS-Context protocol messages themselves) require contextualization, the context is transported in a SOAP header block".
 
I couldn't see a proposed date for OASIS standardization for WS-Context. A recent draft has been published and is being worked on (also discussion of interop). My guess would be that it would be an OASIS standard by end-of-year.
 
SUMMARY:
The WS-Context specification appears to provide a solution to some of the requirements described in Gary's message. However, the term "Session Context" is absent from WS-Context so maybe there are some requirements (e.g., session time-out?) that are not captured there.
 
My own suggestion in that space is that concepts like sessioning and time-outs should definitely be left to the security layer (distinct from both WS-CAF and SPML) and I question whether the PSTC should provide any additional support for it within SPML. Unfortunately, a general purpose sessioning model for messages is not yet under development by a standards body. There is a draft produced by a group of vendors called WS-SecureConversation but I have no idea when it will move to a standards group.
 
REFERENCES
---------------------
1. OASIS WS-CAF TC Web Page
 http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ws-caf
 
2. WS-Context, draft version 0.9.2, July 2005
http://www.oasis-open.org/committees/download.php/13329/WS-Context.zip

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]