OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: SOAP version (from the minutes)

I'm sorry I couldn't make the call, but let me comment on the
SOAP issue.

Yes, SOAP 1.2 defines its terminology much more rigorously.  It also
clarifies many ambiguities -- what happens if a message reaches
the final destination with some headers unprocessed.  Those are
all good things, and it would arguably benefit WS-Security to use
the more rigorous processing model and terminology definitions.

On the other hand, it is based on the Infoset, as opposed to the
XML 1.0 serialization which is really the basis of XML DSIG et al.
There are various subtleties and issues here (for example, a SOAP
1.2 message could be conforming yet not serialize to XML 1.0, not be
amenable to the XPath model for canonicalization, etc.)  I exchanged
a number of emails with Mark Nottingham (and the W3C WG) about this.

For an example of some of the impact, look at the "Soap message
normalization" W3C Note (note that it's not on the recommendation
path; it's just a Note) which explains how to canonicalize SOAP
messages per se (as opposed to their payload).

To date, the informal and unofficial attitude I've heard from
various SOAP members is "XML DSIG and XMLEnc should be rewritten
in terms of hte Infoset."  (My rseponse to them has been advice to
not hold their breath.:)

There are subtleties and dangers.  I suggest the WS-Security spec
    Make it clear this is defined for 1.1, but note that
    it is not intended to rule out 1.2

    Use 1.2 terminology where it makes sense

    Use 1.1 examples

Hope this helps.
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]