FW: Candidate Primer/FAQ items

[Andre Kramer <andre.kramer@eu.citrix.com>]

Possible items for Primer/FAQ that could enhance interoperability.
THESE ARE NOT CHANGE REQUESTs.

regards,
Andre

>  -----Original Message-----
> From: 	Andre Kramer  
> Sent:	21 March 2003 16:59
> To:	Andre Kramer
> Subject:	Candidate Primer/FAQ items
> 
> 
> ----------------------------------
> How to specify the fileName for file inputs?
> 
> Include a "filename" MIME attribute in uploadContext with the string value
> set to the file name.
> http://www.ietf.org/rfc/rfc2388.txt
> "Forms may request file inputs from the user; the form software may
> include the file name and other file attributes, as specified in [RFC
> 2184]. The original local file name may be supplied as well, either as a
> "filename" parameter either of the "content-disposition: form-data" header
> or, in the case of multiple files, in a "content-disposition: file" header
> of the subpart. The sending application MAY supply a file name; if the
> file name of the sender's operating system is not in US-ASCII, the file
> name might be approximated, or encoded using the method of RFC 2231."
> 
> ----------------------------------
> Can consumer re-writing and Producer templates be used together?
> 
> For example, if a producer asks for templates but consumer wants to do
> URL/namespace re-writing:
> 
> for Templates.defaultTemplate consumer could use:
> "wsrp-rewrite?wsrp-urlType={wsrp-urlType}&wsrp-navigationalState={wsrp-nav
> igationalState}&wsrp-interactionState={wsrp-interactionState}&wsrp-mode={w
> srp-mode}&wsrp-windowState={wsrp-windowState}/wsrp-rewrite"
> 
> for Templates.secureDefaultTemplate consumer could use:
> "wsrp-rewrite?wsrp-urlType={wsrp-urlType}&wsrp-navigationalState={wsrp-nav
> igationalState}&wsrp-interactionState={wsrp-interactionState}&wsrp-mode={w
> srp-mode}&wsrp-windowState={wsrp-windowState}&wsrp-secureURL=true/wsrp-rew
> rite"
> 
> Neither consumer rewriting and producer URLs are optional and the two
> schemes can be used together.
> 
> -----------------------------------
> Can a producer mix templates with consumer namespace rewriting?
> 
> For example, if a consumer does not supply a
> RuntimeContext.namespacePrefix or one that is illegal in the markup
> context (e.g. that would form an illegal JavaScript identifier) the
> producer can revert to consumer re-writing and use
> wsrp-rewrite?wsrp-urlType=namespace&wsrp-token=.../wsrp-rewrite setting
> MarkupContext.requiresUrlRewriting=true.
> 
> ---------------------------------
> 
> SOAP fault details (SOAP 1.1 section 4.4) can be used to carry informal
> error information for faults defined by WSRP.
> 
> ----------------------------------
> 
> Custom modes and window states should not include a "&". Consumers rewrite
> portlet URLs using '&' and '='. Also avoid "?" & "<" etc. 
> 
> ------------------------------------
> 
> Cookies may or may not be accepted based on RFC 2109 (in particular see
> section 7.1 in RFC), for example, when multiple bindings using http are
> employed by a consumer (just like two browser windows not returning each
> other's cookies;- mulitple user agents for one user.). 
> 
> Cookie(s) returned by InitCookie() do not apply to the other SOAP binding
> factors (only WSRP_v1_Markup_Binding_SOAP).
> 
> ------------------------------------
> 
> FAQ: We have no way to include JavaScript to be invoked on <body onload>
> in 1.0.
> 
> ------------------------------------
> 
> There is currently only limited support for negotiation in registration.
> For example, if a producer wishes to advertise that a particular caching
> or attachment policy is available but needs the consumer to negotiate its
> use. One possible way to achieve such negotiation is to use a registration
> property, where the consumer affirming the property turns on some producer
> side functionality.
> 
> [For example, we allow the consumer to asserting the DIME property in
> order inform the producer that attachments can be sent to the some
> producerAgent using:
> http://msdn.microsoft.com/webservices/building/wse/default.aspx?pull=/libr
> ary/en-us/dnglobspec/html/dimeindex.asp
> Read-only, informational properties have their stringValue set to the
> property name (e.g. prop.name=prop.stringValue=DIME).]
> 
> ------------------------------------
> 
> A consumer may want to include some of the fields in the RuntimeContext in
> its cache key. RuntimeContext's sessionID and userAuthentication deserve
> particular attention as they are not supplied by the consumer itself.
> 
> ------------------------------------
> 
> A producer has no standard way to know if a user-agent requires resources
> to be proxied via the consumer and will generate (possibly unnecessary)
> urls of type wsrp-urlType=resource. A consumer can turn these back into
> direct urls (user agent to producer via normal Web proxies) if the
> consumer can determine that the user agent has direct Internet access and
> that the resource does not require re-writing (e.g. a binary mime type or
> wsp-requiresRewrite=false). 
> 
> [We use a read-only, informational registration property
> (prop.name=prop.stringValue="resourcesDirect") to notify a producer that a
> consumer does not need to proxy resources that don't require to be
> re-written (if a resource requires consumer re-writing then it must be
> proxied by the consumer).]
> 
> ------------------------------------
> 
> FAQ: The only way to prevent cached markup being shown after an action is
> to force a change to future markupParams i.e. return a new or unique
> navigationalState.
> 
> Some producers may offer a "appPerUser" and a "appForAll" scope that
> behaves like the "perUser" and the "forAll" scopes respectively, but
> invalidates all cached markup after a portlet has been the target of an
> action. [We use an "applicationCachingScopes" registration property
> (read-only, in that the consumer should set
> stringValue="applicationCachingScope") to advertise these caching scope.]
> 
> ------------------------------------
> 
> FAQ: Service discovery is not currently addressed by the spec (1.3 step
> 1). The TC is working on a detailed UDDI mapping, but developers may wish
> to follow the following UDDI recommendations for now:
> http://www.ws-i.org/Profiles/Basic/2003-01/BasicProfile-1.0-WGAD.html
> http://www.oasis-open.org/committees/uddi-spec/doc/bp/uddi-spec-tc-bp-usin
> g-wsdl-v108-20021110.htm
> New 2.0 best practice (at TC review stage):
> http://oasis-open.org/committees/uddi-spec/doc/draft/uddi-spec-tc-tn-wsdl-
> 20030319-wd.htm
> 
> ------------------------------------
> 
> Extension elements may want to use the NamedString, NamedStringArray,
> StingArray types from the WSRP namespace. For example, if extensions are
> all name/value pairs multiple NamedStrings can be include, or if sets of
> strings are required multiple (Named)StringArrays can be used.  
> 
> ------------------------------------
> How to find ports with secure bindings?
> 
> A consumer can look for ports with soap address locations that start with
> "https://" when security is required (e.g
> PortletDescription.defaultMarkupSecure or onlySecure is set to true or a
> URL's wsrp-secureURL is true).
> e.g. on
> <wsdl:port binding="bind:WSRP_v1_Markup_Binding_SOAP" name="some name">
>       <soap:address location="https://some.wsrp.service/"/>
> </wsdl:port>
> use something like:
> <xsl:variable name="binding"
> select="wsdl:port[@binding=concat($bindnamespace,
> ':WSRP_v1_Markup_Binding_SOAP')]/soap:address/@location">
> </xls:variable>
> 
> ------------------------------------
> 
> Consumers may like to constrain what URLs they proxy, if the security
> policy for the consumer host and the user agent differ. Resource URLs to
> another domain than the producer's may be blocked.
> 
> ------------------------------------
> 
> Section 7. requires registrationHandles to be unique (within a producer /
> consumer pairing). They may want to be cryptograph large random numbers so
> they can not be guessed.
> 
> ------------------------------------
> 
> The WSDL docs for WSRP are published on the Internet over an insecure
> transport. Don't rely on their authenticty when producers demand secure
> ports to be used.e.g.
> http://www.oasis-open.org/committees/wsrp/documents/version1/wsrp_v1_types
> .xsd
> 
> ------------------------------------
> 
>