Web Services Addressing - SOAP BINDING
W3C Working Draft 8 December 2004
This version:
http://www.w3.org/tr/2004/wd-ws-addr-soap-20041208
Latest Version:
http://www.w3.org/tr/ws-addr-soap
Previous Versions:
Editors:
Martin Gudgin, Microsoft Corp
Marc Hadley, Sun Microsystems, Inc
This Document is Also Available In There Non-Normative Formats: PostScript, PDF, XML, And Plain Text.
Copyright © 2004 W3C® (MIT, ERCIM, Keio), All Rights Reserved. W3C Liability, Trademark and Document USE Rules Apply.
Abstract
Web Services Addressing provides transport-neutral mechanisms to address Web services and messages. Web Services Addressing SOAP Binding (this document) defines the binding of the abstract properties defined in Web Services Addressing Core to SOAP Messages.
Status of this document
This section describes the status of this document at the time of its publication Other documents may supersede this document A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http:.. // Www.w3.org/tr/.
This is the First Public Working Draft of the Web Services Addressing -. SOAP Binding specification for review by W3C members and other interested parties It has been produced by the Web Services Addressing Working Group (WG), which is part of the W3C Web Services Activity .
In this Working Draft, the Web Services Addressing Working Group has, in keeping with its charter, separated the WS-Addressing Member Submission into three separate specifications:. Core, SOAP Binding, and WSDL Binding The Working Group expects to publish an updated draft in The Near Future Incorporting More Resolutions from Its Issues List.
Discussion of this document takes place on the public public public-ws-addressing@w3.org mailing list (public archive). Comments on this specification should be sent to this mailing list.This document was produced under the 5 February 2004 W3C Patent Policy . The Working Group maintains a public list of patent disclosures relevant to this document;. that page also includes instructions for disclosing [and excluding] a patent An individual who has actual knowledge of a patent which the individual believes contains Essential Claim (s) with .................... ..
Per section 4 of the W3C Patent Policy, Working Group participants have 150 days from the title page date of this document to exclude essential claims from the W3C RF licensing requirements with respect to this document series. Exclusions are with respect to the exclusion reference document, Defined by the W3C Patent Policy to Be The Latest Version of a Document In this Series..
Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.
Editorial note The Web Services Addressing Working Group has decided to use XML Schema, where appropriate, to describe constructs defined in this specification. Note that this restricts use of Web Services Addressing to XML 1.0.
Short Table of Contents
1. Introduction2. Binding endpoint references3. Faults4. Security considity, reference, acknowledgements (non-normative) b. Change log (non-normative) Table of Contents
1. Introduction 1.1 Notational Conventions 1.2 Namespaces2. Binding Endpoint References3. Faults 3.1 Invalid Message Information Header 3.2 Message Information Header Required 3.3 Destination Unreachable 3.4 Action Not Supported 3.5 Endpoint Unavailable4. Security Considerations5. References
Appendices
A. Acknowledgements (Non-Normative) B. Change log (non-normative)
INTRODUCTION
Web Services Addressing CoreWS-Addressing-Core defines a set of abstract properties and an XML Infoset [XML Information Set] representation thereof to identify Web service endpoints and to secure end-to-end identification of endpoints in messages. Web Services Addressing SOAP Binding ( ............................
The Following Example Illustrates The Use of these Mechanisms in A Soap: //business456.example/client1 to http: //fabrikam123.example/purchasing:
Example 1-1. Use of message addressing properties in a soap 1.2 message.
(001) XMLns: wsa = "http://www.w3.org/2004/12/addressing" (004) http://example.com/someuniquestring (005) (006) (007) (008) (009) (010) (012) (013) ... (014) (015) Lines (002) to (011) Repesent The Header of the Soap Message WHERE The Mechanisms Defined in The Specification Are Used. The Body Is RepreSented by Lines (012) TO (014). Lines (003) to (010) contain the message information header blocks. Specifically, lines (003) to (005) specify the identifier for this message and lines (006) to (008) specify the endpoint to which replies to this message should BE SENT AS An Endpoint Reference. Line (009) Specifies The Address Uri of The Ultimate Receiver of this Message. Line (010) Specifies An Action Uri Identifying Expected Semantics. 1.1 NOTATIONAL Conventions THE Keywords "Must", "Must Not", "Required", "SHALL", "SHALL NOT", "Shove", "Recommended", "May", and "Optional" in this document area to TO Be Interpreted As Described in RFC 2119 [IETF RFC 2119]. When describing abstract data models, this specification uses the notational convention used by XML Infoset [XML Information Set]. Specifically, abstract property names always appear in square brackets (e.g., [some property]). When describing concrete XML schemas [XML Schema Structures, XML Schema Datatypes], this specification uses the notational convention of WS-Security [WS-Security]. Specifically, each member of an element's [children] or [attributes] property is described using an Xpath-Like Notation (EG, / X: myHeader / x: SomeProperty / @ value1). The use of {any} indeicates the presence of an element wildcard ( THIS SPECification Uses a Number of Namespace Prefixes Throughout; The is the choice of any semantical signal (see [xml namespaces). Table 1-1. Prefixes and namespaces used in this specification PrefixNamespaceShttp: //www.w3.org/2003/05/soap-ENvelop: //www.w3.org/2004/12/addressingXSHTTP: //www.w3.org/2004/12/addressingXSHTTP: //www.w3. ORG / 2001 / XMLSChema . WS-Addressing is defined in terms of the XML Information Set [XML Information Set] WS-Addressing is conformant to the SOAP 1.2 [SOAP 1.2 Part 1: Messaging Framework] processing model and is also compatible with SOAP 1.1 [SOAP 1.1] for . backwards compatibility WS-Addressing may be used with WSDL [WSDL 2.0] described services as described in Web Services Addressing -. WSDL Binding [WS-Addressing-WSDL] The examples in this specification use an XML 1.0 [XML 1.0] representation but this IS not a requirement. All information items defined by WS-Addressing are identified by the XML namespace URI [XML Namespaces] "http://www.w3.org/2004/12/addressing". A normative XML Schema [XML Schema Structures, XML Schema Datatypes] Document can be obtained by dereferencing the xml namespace uri.2. Binding endpoint References ...................... When a message needs to be addressed to the endpoint, the information contained in the endpoint reference is mapped to the message according to a transformation that is dependent on the protocol and data representation used to send the message. Protocol-specific mappings (or bindings) will define how the information in the endpoint reference is copied to message and protocol fields This specification defines the SOAP binding for endpoint references This mapping MAY be explicitly replaced by other bindings (defined as WSDL bindings or as policies);.. however, in the absence of an applicable policy stating that a different mapping must be used, the SOAP binding defined here is assumed to apply. to ensure interoperability with a broad range of devices, all conformant implementations MUST support the SOAP binding. The soap binding for endpoint references is defined by The Following TWU Rules: The [address] property in the endpoint reference is copied in the [destination] message information property. The infoset representation of the [destination] property becomes a header block in the SOAP message. Each [reference property] and [reference parameter] element becomes a header block in the SOAP message. The element information item of each [reference property] or [reference parameter] (including all of its [children], [attributes] and [in-scope namespaces]) is to be added as a header Block in the new message.the next esample shows how the default soap binding for endpoint references IS Used to construct a message addressed to the endpoint: Example 2-1. EXAMPLE Endpoint Reference. According to the mapping rules stated above, the address value is copied in the "To" header and the "CustomerKey" element should be copied literally as a header in a SOAP message addressed to this endpoint The SOAP message would look as follows.: Example 2-2. EXAMPLE Endpoint Reference Mapped to Soap Message Header Blocks. XMLns: WSA = "..." XMLns: Fabrikam = "..."> ... ... ... 3. Faults The faults defined in this section are generated if the condition stated in the preamble in each subsection is met. They are sent to the [fault endpoint], if present and valid. Otherwise they are sent to the [reply endpoint] if present. If Neither Is Present Faults May Be Sent To The [Source Endpoint]. Endpoints compliant with this specification MUST include required message information headers on all fault messages. Fault messages are correlated as replies using the [relationship] property as defined in Section 3. The [action] property below designates WS-Addressing fault messages (this URI is Also Used As The Default Action Value for WSDL Fault Messages, As Described in Section 3.3.2): http://www.w3.org/2004/12/addressing/fault The Definitions of Faults Use The Following Properties: THE FAULT CODE. . "Subcode] The Fault Subcode. [REASON] The English Language Reason ELEMENT. [Detail] The detail element. If Absent, no detail element is defined for the fault. The Properties Above Bind to A SOAP 1.2 Fault As Follows: Example 3-1. Binding of Fault Properties to SOAP 1.2 Messages. http://www.w3.org/2004/12/addressing/fault [Detail] The SOAP 1.1 Fault is Less Expressive and map Only [Subcode] and [Reason]. The Properties Bind to A SOAP 1.1 Fault As Follows: Example 3-2. Binding of Fault Properties to SOAP 1.1 Messages. 3.1 INVALID Message Information Header A Message Information Header Cannot Be Processed. [Code] s: sender [Subcode] WSA: InvalidMessageInformationHeader [Reason] A message information header is not valid and the message can not be processed. The validity failure can be either structural or semantic, eg a [destination] that is not a URI or a [relationship] to a [message id] that was NEVER ISSUED. [Detail] [Invalid Header] 3.2 Message Information HEADER Required A Required Message Information Header Is Absent. [Code] s: sender [Subcode] WSA: MessageInformationHeaderRequired [REASON] a Required Message Information Header, To, MessageId, or action, is not present. [Detail] [missing header qname] 3.3 Destination Unreachable No endpoint can be found. ............... [Code] s: sender [Subcode] WSA: DestinationunReachable [REASON] NO ROUTE CAN Be Determined to Reach The Destination Role Defined by The WS-Addressing To. [Detail] EMPTY 3.4 Action Not Supported The [Action] Property in the message is not supported at this endpoint. The Contents of this Fault Are As Follows: [Code] s: Sender [Subcode] WSA: ActionNOTSupported [REASON] The [Action] Cannot Be Processed At the Receiver. [Detail] [Action] 3.5 Endpoint Unavailable ............... .. The endpoint may optionally Include a retroyafter Parameter in The Detail. The Source Should Not Retransmit The Message Until This Duration Has Pass. [Code] S: Receiver [Subcode] WSA: Endpointunavailable [REASON] The endpoint is unable to process the message at this time. [Detail] The Following Describes The Attributes and Elements Listed Above: / WSA: RetryAfter This Element (of type xs: nonnegativeinteger) IS a suggested minimum duration in milliseconds to wait before retransmitting the message. If this element is omitted from the detail, The value is infinite. / WSA: RetryAfter / @ {ann} Thase Optional Extensibility Attributes Do Not Affect Processing. 4. Security Considances It is strongly recommended that the communication between services be secured using the mechanisms described in WS-Security [WS-Security]. In order to properly secure messages, the body and all relevant headers need to be included in the signature. Specifically, the message information headers described in this specification (eg The message information headers blocks may have their contents encrypted in order to obtain end-to-end privacy, but care should be taken to ensure that intermediary processors have access to required information (e.g. Some processors may use message identifiers.. ( Message Alteration - Alteration Is Prevented by Including Signatures of the Message Information Using WS-Security. Message Disclosure - Confidentiality Is Preserved by Encrypting Sensitive Data Using WS-Security. Address Spoofing - Address Spoofing is prevented by ENSURING THATY ALDITED TO SIGNED BY A Party Authorized to Speak for (OR on Behalf of) The Address. Key Integrity - Key Integrity Is Maintained by Using The Strongest Algorithms Possible (by Comparing Secured Policies. Authentication - Authentication May Be Established Using The Mechanisms Described in WS-Security. Accountability - Accountability is a function of the type of and strength of the key and algorithms being used In many cases, a strong symmetric key provides sufficient accountability However, in some environments, strong PKI signatures are required... Availability -. All reliable messaging services are subject to a variety of availability attacks Replay detection is a common attack and it is recommended that this be addressed by the mechanisms described in WS-Security and / or caching of message identifiers Other attacks, such as. network-level denial of service attacks are harder to avoid and are outside the scope of this specification that said, care should be taken to ensure that minimal state is saved prior to any authenticating sequences.Replay -. Messages may be replayed for a variety of reasons. to detect and eliminate this attack, mechanisms should be used to identify replayed messages such as the timestamp / nonce outlined in WS-Security. Alternatively, and optionally, other technologies, such as sequencing, can also be used to prevent replay of application Messages. 5. References [Ws-addressing-core] Web Services Addressing - Core, M. Gudgin, M. Hadley, Editors. [Ws-addressing-wsdl] Web Services Addressing - WSDL Binding, M. Gudgin, M. Hadley, Editors. [WSDL 2.0] Web Services Description Language 2.0, TBD. [Ietf RFC 2119] Key Words for use in rfcs to indeicate requirement level, S. Bradner, Author. Internet Engineering Task Force, June 1999. Available At http://www.ietf.org/rfc/rfc2119.txt. [RFC 2396bis] T. Berners-Lee, et al, "Uniform Resource Identifier (URI): Generic Syntax," W3C / MIT, JULY 2004. (See http://www.ietf.org/internet-drafts/draft-fielding-uri-rfc2396bis-07.txt.) [Xml 1.0] Extensible Markup Language (XML), T. Bray, J. Paoli, CM Sperberg-McQueen, And E. Maler, Editors. World Wide Web Consortium, 10 February 1998, Revised 6 October 2000. This Version of Thae XML 1.0 Recommendation IS http://www.w3.org/tr/2000/rec-xml-20001006. Thelatest version of XML 1.0 is Available At http://www.w3.org/tr/rec-xml. [XML Namespaces] Namespaces in XML, T. Bray, D. Hollander, And A. Layman, Editors. World Wide Web Consortium, 14 January 1999. This version of the xml information set recommendation is http://www.w3.org/TR/1999 / REC-XML-NAMES-19990114. The Latest Version of Namespaces in XML is Available At http://www.w3.org/tr/rec-xml-names. [XML Information Set] XML Information Set, J. Cowan and R. Tobin, Editors. World Wide Web Consortium, 24 October 2001. This Version of The XML Information Set Recommendation is http://www.w3.org/tr/2001/rec-xml- Infoset-20011024. The Latest version of xml information set is available at http://www.w3.org/tr/xml-infoseet. [XML Schema Structures] XML Schema Part 1: Structures, H. Thompson, D. Beech, M. Maloney, And N. Mendelsohn, Editors. World Wide Web Consortium, 2 May 2001. This Version of The XML Schema Part 1 Recommendation IS http: // www .w3.org / TR / 2001 / REC-XMLSCHEMA-1-20010502. The Latest Version of XML Schema Part 1 Is Available At http://www.w3.org/tr/xmlschema 1. [XML Schema DataTypes] XML Schema Part 2: DataTypes, P. Byron and A. Malhotra, Editors. World Wide Web Consortium, 2 May 2001. This Version of The XML Schema Part 2 Recommendation IS http://www.w3.org/tr/2001/ REC-XMLSChema-2-20010502. The Latest Version of XML Schema Part 2 Is Available At http://www.w3.org/tr/xmlschema-2. [SOAP 1.2 Part 1: Messaging Framework] SOAP VERSION 1.2 Part 1: Messaging Framework, M. Gudgin, M. Hadley, N. Mendelsohn, JJ. Moreau, H. Frystyk Nielsen, Editors. World Wide Web Consortium, 24 June 2003. This Version of The "SOAP VERSION 1.2 Part 1: Messaging is http://www.w3.org/tr/2003/rec-soap12-part1-20030624/. TheLatest Version of "SOAP VERSION 1.2 Part 1: Messaging Framework" is available at http: // Www.w3.org/tr/SOAP12-Part1/. [WSDL 1.1] E. Christensen, ET Al, Web Services Description Language (WSDL) 1.1, March 2001. [SOAP 1.1] DON BOX, ET AL, Simple Object Access Protocol (SOAP) 1.1, May 2000. [Ws-security] Oasis, Web Services Security: SOAP MESSAGE Security, MARCH 2004. A. Acknowledgements (non-normalative) TBD B. Change log (non-normalative) DateEditorDescription2004-11-24 @ 15: 32mhadleyAdded note that addressing is backwards compatible with SOAP 1.12004-11-23 @ 21: 38mhadleyUpdated titles of examples Fixed table formatting and references Replaced uuid URIs with http URIs in examples Added document status.2004... -11-07 @ 02: 03mhadleySecond more detailed run through to separate core, SOAP and WSDL document contents Removed dependency on WS-Policy Removed references to WS-Trust and WS-SecurityPolicy2004-11-02 @ 22:.. 25mhadleyRemoved static change log And Added Dynamically Generated Change Log from CVS.2004-10-28 @ 17: 05MhadleyInitial Cut of Separating Specification Into Core, SOAP AND WSDL
