Subject: RE: SOAP 1.1 Protocol Binding
Evan,

The protocol binding needs to be very specific about how it is bound to SOAP 1.1. In particular, the binding to SOAP 1.1 RPC over HTTP should be very explicit. SOAP 1.1 binding is different than SOAP 1.1 RPC binding (SOAP 1.1 is 1-way, RPC is, well, RPC). Feel free to forward your response to security-services if you think the overall TC should be interested in this exchange.

I suggest the following:

o SOAPAction must not be used. Rationale: SOAP 1.2 will be deprecating or minimizing its usage.

o Preclude trailers. SOAP 1.1 leaves trailers undefined.

o Headers should be specified explicitly, and how intermediaries will deal with them.

o It should be called out whether Actor and MustUnderstand are required for headers or not.

o The use of order in headers needs to be called out: is it lexical or some other order?

o The behaviour of Header errors needs to be called out. Note that SOAP precludes the use of Fault Codes for header errors. What if order is invalid? What if not all mustUnderstand="1" headers were processed? Are multiple headers for an intermediary atomic (do all mustUnderstand="1" or rollback?).

o The contents of FaultDetails should be specified IFF we want to allow multiple returns. This is how SOAP is designed for multiple errors.

o 4.6.1 "The parties MUST NOT add signatures in either the headers or the envelope of the SOAP message." Are you serious? Say an intermediary processes a header (mustUnderstand="1") and changes the attribute to (hasUnderstood="1", SOAP 1.2 proposal) and adds a signature to indicate secure that it processed the header. Why preclude that?

o The processing model of intermediaries is very unclear here. Imagine 2 cases: 1) Author wants to specify the exact route of a message through intermediaries; 2) Author wants multiple intermediaries, but it only knows the first node. How are headers constructed differently based on these 2 processing models?

Cheers,
Dave

> -----Original Message-----
> From: Evan Prodromou [mailto:eprodromou@securant.com]
> Sent: Tuesday, June 12, 2001 7:32 PM
> To: security-bindings@lists.oasis-open.org
> Subject: SOAP 1.1 Protocol Binding
>
>
> Attached is a first draft of the SOAP 1.1 protocol binding. It's
> fairly detailed, but the essential message of the protocol binding
> ("put queries and responses in message bodies") is extremely simple.
>
> Thanks for your patience on this.
>
> ~ESP