[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [provision] WS-CAF and the "Session Context Token"
As far as I understood Gary's issue in [0], the main reason for implementing a session context is to optimize the server-side processing, what I take as managing the resources associated with each session (requestor). A specification addressing this issue better than WS-CAF might be found in the Web Services Resource Framework (WSRF). Specified by the OASIS WSRF TC, the documents are currently under public review. Besides the more general WS-Resource specification [1] which defines the terminology of a resource, WS-ResourceLifetime [2] provides the concrete life-cycle management mechanisms for stateful resources at the server (provider) side. It basically defines the interface for managing a stateful resource and uses the Endpoint Reference defined by WS-Addressing [3] in order to identify a certain instance of a Web Service using a server-generated ID embedded as a Reference Property. Since we currently identified the need for proper resource management only in the context of the search capability, WSRF may be an overkill. Further requirements like auditing basically require some way to correlate a number of messages in the context of a session. This may also be solved using WS-Addressing that defines metadata elements for SOAP messages like a <MessageID> which could be used for message correlation. Regarding the spec, I would follow Gary's alternative B but we may add a section on session management (as we already did for resource management) with some advise regarding these standards and their support in the respective domain. [0] http://www.oasis-open.org/apps/org/workgroup/provision/email/archives/20 0506/msg00065.html [1] http://docs.oasis-open.org/wsrf/wsrf-ws_resource-1.2-spec-pr-01.pdf [2] http://docs.oasis-open.org/wsrf/wsrf-ws_resource_lifetime-1.2-spec-pr-01 .pdf [3] http://ifr.sap.com/ws-addressing/WS-Addressing.pdf -----Original Message----- From: Gary P Cole [mailto:Gary.P.Cole@Sun.COM] Sent: Dienstag, 12. Juli 2005 00:04 To: provision@lists.oasis-open.org Subject: Re: [provision] WS-CAF and the "Session Context Token" Doesn't sound like we can in the short term defer to any other standard (including WS-CAF). Furthermore, these sound like overkill (since we are not talking about composite applications). So, we can: A) Formalize with a less objectionable name (such as "operational context") the notion of an opaque context that the provider returns and that the requestor may pass on subsequent requests to improve performance. B) Ignore it (and let each implementation roll its own "operational context"). prateek mishra wrote: > As part of a discussion that began with message: > http://www.oasis-open.org/apps/org/workgroup/provision/email/archives/20 0506/msg00065.html > I had taken an action to investigate the proposed work in the WS-CAF > TC to see this effort would meet these requirements. > The WS-CAF involves the development of a family of specifications that > " define a generic and open framework for applications that contain > multiple services used in combination (composite applications)." Three > specifications are planned: WS-Context, WS-Coordination and a third to > be named later. > The WS-Context specification is of particular interest. It provides "a > definition, a structuring mechanism, and service definitions for > organizing and sharing context across multiple execution endpoints." > Context may include a range of information but always include > > "A mandatory wsctx:contextIdentifierType called > wsctx:context-identifier. This identifier can be thought of as a > "correlation" identifier or a value that is used to indicate that a > Web service is part of the same activity. The > wsctx:contextIdentifierType is a URI with an optional wsu:Id > attribute. It MUST be unique." > While the specification is pretty general, it also states that "where > messages (either application messages, or WS-Context protocol messages > themselves) require contextualization, the context is transported in a > SOAP header block". > I couldn't see a proposed date for OASIS standardization for > WS-Context. A recent draft has been published and is being worked on > (also discussion of interop). My guess would be that it would be an > OASIS standard by end-of-year. > SUMMARY: > The WS-Context specification appears to provide a solution to some of > the requirements described in Gary's message. However, the term > "Session Context" is absent from WS-Context so maybe there are some > requirements (e.g., session time-out?) that are not captured there. > My own suggestion in that space is that concepts like sessioning and > time-outs should definitely be left to the security layer (distinct > from both WS-CAF and SPML) and I question whether the PSTC should > provide any additional support for it within SPML. Unfortunately, a > general purpose sessioning model for messages is not yet under > development by a standards body. There is a draft produced by a group > of vendors called WS-SecureConversation but I have no idea when it > will move to a standards group. > REFERENCES > --------------------- > 1. OASIS WS-CAF TC Web Page > http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ws-caf > 2. WS-Context, draft version 0.9.2, July 2005 > http://www.oasis-open.org/committees/download.php/13329/WS-Context.zip --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. You may a link to this group and all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]