OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [ws-sx] Issue 169: Sample wsdl in conflict w WS-I BSP in WS-Trust1.3, 1.4

Issue 169

 

From: Rich.Levinson [mailto:rich.levinson@oracle.com]
Sent: Friday, May 30, 2008 5:25 PM
To: ws-sx@lists.oasis-open.org
Cc: Marc Goodner
Subject: [ws-sx] NEW Issue: Sample wsdl in conflict w WS-I BSP in WS-Trust 1.3, 1.4

 

 
PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER.  
The issues coordinators will notify the list when that has occurred.
 
Protocol:  ws-trust 
 
        ws-trust-1.4-spec-ed-03: p 79, Appendix B, lines 3177,3184,3188; 3204,3208
          http://www.oasis-open.org/committees/download.php/28255/ws-trust-1.4-spec-ed-03.doc
 
    the problem described here also relates to these ws-trust 1.3 documents
 
        ws-trust-1.3-os:
          http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.pdf
        wsdl:
          http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3.wsdl
 
Artifact
        wsdl
 
Type:
        editorial
 
Title
        Sample wsdl in conflict w WS-I BSP
 
Description:
        ws-trust-1.4-spec-ed-03: p 79, Appendix B, lines 3177,3184,3188; 3204,3208
 
        It was found during preparation of use cases for the 
          web services test forum (wstf) committee:
               http://www.wstf.org/
           (need to join to read archives, but if so, then issue was 
            discussed here: http://www.wstf.org/mail/sc006/200805/msg1)
        that the sample wsdl in Appendix B appears to possibly have
        inadvertently included wsdl that is in conflict with WS/I BP:
 
               http://www.ws-i.org/Profiles/BasicProfile-1.0-2004-04-16.html        
        
WS-I BS text:
5.6.7 Wire Signatures for Operations
An endpoint that supports multiple operations must unambiguously identify the operation being invoked based on the input message that it receives. This is only possible if all the operations specified in the wsdl:binding associated with an endpoint have a unique wire signature. 
 
R2710 The operations in a wsdl:binding in a DESCRIPTION MUST result in wire signatures that are different from one another. 
 
The Profile defines the "wire signature" of an operation in a wsdl:binding to be the fully qualified name of the child element of the soap:Body of the SOAP input message it describes. For the case of an empty soap:Body this name is an empty string. 
 
In the case of rpc-literal binding, the operation name is used as a wrapper for the part accessors. In the document-literal case, since a wrapper with the operation name is not present, the message signatures must be correctly designed so that they meet this requirement.
 
        
Here is the wsdl for ref w problem lines marked by "<---***" on RHS:
 
<!-- This portType models the full request/response the Security Token Service: -->
 
    <wsdl:portType name="WSSecurityRequestor">
        <wsdl:operation name="SecurityTokenResponse">
            <wsdl:input message="tns:RequestSecurityTokenResponseMsg"/>    <---***
        </wsdl:operation>
        <wsdl:operation name="SecurityTokenResponse2">
            <wsdl:input 
                message="tns:RequestSecurityTokenResponseCollectionMsg"/>
        </wsdl:operation>
        <wsdl:operation name="Challenge">
            <wsdl:input message="tns:RequestSecurityTokenResponseMsg"/>    <---***
            <wsdl:output message="tns:RequestSecurityTokenResponseMsg"/>
        </wsdl:operation>
        <wsdl:operation name="Challenge2">
            <wsdl:input message="tns:RequestSecurityTokenResponseMsg"/>    <---***
            <wsdl:output 
                message="tns:RequestSecurityTokenResponseCollectionMsg"/>
        </wsdl:operation>
    </wsdl:portType>
 
<!-- These portTypes model the individual message exchanges -->
 
    <wsdl:portType name="SecurityTokenRequestService">
        <wsdl:operation name="RequestSecurityToken">
            <wsdl:input message="tns:RequestSecurityTokenMsg"/>
        </wsdl:operation>
    </wsdl:portType>
 
    <wsdl:portType name="SecurityTokenService">
        <wsdl:operation name="RequestSecurityToken">
            <wsdl:input message="tns:RequestSecurityTokenMsg"/>    <---***
            <wsdl:output message="tns:RequestSecurityTokenResponseMsg"/>
        </wsdl:operation>
        <wsdl:operation name="RequestSecurityToken2">
            <wsdl:input message="tns:RequestSecurityTokenMsg"/>    <---***
            <wsdl:output 
                 message="tns:RequestSecurityTokenResponseCollectionMsg"/>
        </wsdl:operation>
    </wsdl:portType>
</wsdl:definitions>
 
The problem with violating this convention is that if you try to do
automatic code generation, in at least one popular implementation
language you cannot have 2 methods in the same class with the same
signature, which is what happens with these identical input messages.
 
Related issues:
 
        N/A
 
Proposed Resolution:
 
  None: Not sure what would be intended here, because the example is showing
  messages to an STS, which can reply with different responses for
  output w same input. However, as shown the methods violate the WS-I
  guidelines. (appears that concept of in/out "signature" may be overloaded 
  here as there is both input/output at the message-in/message-out level as 
  well as creation of input message level)
 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]