Re: [security-services] Revised bindings text

[Maryann Hondo <mhondo@us.ibm.com>]

Frederick,
On reading the text in the content of
the doc...
[hope this is the right version....http://www.oasis-open.org/apps/org/workgroup/security/download.php/6773/sstc-saml-bindings-2.0-draft-11-diff.pdf]

I still think it would be useful to
include  text like this, after line 222.

Web Services Security: SOAP Message
Security V1.0 defines a common way to apply security to SOAP Messages and
SHOULD be used to secure SOAP Message exchanges.  Additionally, WS-I
is currently standardizing a Basic Security Profile and this SHOULD be
used as a basis for interoperability .... . [http://ws-i.org/Profiles/BasicSecurityProfile-1.0-2004-05-12.html].
 

Although the WSI statement may belong
in the conformance doc not in this doc.

Maryann

<Frederick.Hirsch@nokia.com> 05/14/2004 01:40 PM

To:        <Frederick.Hirsch@nokia.com>, <security-services@lists.oasis-open.org>         cc:        <hlockhar@bea.com>, Maryann Hondo/Austin/IBM@IBMUS         Subject:        [security-services] Revised bindings text

Attached below is revised draft section 3.2 (SOAP) bindings
introductory text. This removes mention of the RPC encoding and incorporates
the SOAP AI work.

I plan to incorporate this in the bindings revision, please let me know of any issues (SOAP 1.2 and SOAP 1.2 Primer references to be adjusted)

Thanks

regards, Frederick
Frederick Hirsch
Nokia

3.2 SAML SOAP Binding

SOAP is a lightweight protocol intended for exchanging structured information in a decentralized, distributed environment. It uses XML technologies to define an extensible messaging framework providing a message construct that can be exchanged over a variety of underlying protocols. The framework has been designed to be independent of any particular programming model and other implementation specific semantics. Two major design goals for SOAP are simplicity and extensibility. SOAP attempts to meet these goals by omitting, from the messaging framework, features that are often found in distributed systems. Such features include but are not limited to "reliability", "security", "correlation", "routing", and "Message Exchange Patterns" (MEPs).

A SOAP message is fundamentally a one-way transmission between SOAP nodes from a SOAP sender to a SOAP receiver, possibly routed through one or more SOAP intermediaries. SOAP messages are expected to be combined by applications to implement more complex interaction patterns ranging from request/response to multiple, back-and-forth "conversational" exchanges.

SOAP defines an XML message envelope that includes header and body sections, allowing data and control information to be transmitted. SOAP also defines processing rules associated with this envelope and an HTTP binding for SOAP message transmission.

The SAML SOAP binding defines how to use SOAP to send and receive SAML requests and responses.

Like SAML, SOAP can be used over multiple underlying transports. This SAML SOAP binding has protocol-independent aspects, but also calls out the use of SOAP over HTTP as REQUIRED (mandatory to implement).