Copyright © 2009 W3C ® ( MIT , ERCIM , Keio ), All Rights Reserved. W3C liability , trademark and document use rules apply.
This specification describes a general SOAP-based protocol for accessing XML representations of Web service-based resources.
1 Introduction
1.1 Requirements
2 Terminology and
Notation
2.1 Terminology
2.2 XML
Namespaces
2.3 Notational
Conventions
2.4 Considerations on the
Use of Extensibility Points
2.5 Compliance
3 Resource Operations
3.1 Get
3.2 Put
3.3 Delete
4 Resource Factory
Operations
4.1 Create
5 Faults
5.1 InvalidRepresentation
5.2 UnknownDialect
5.3 PutDenied
6 Security
Considerations
7 WS-Transfer Policy
Assertion(s) Metadata
7.1 TransferResource
Assertion
7.2 TransferResourceFactory
Assertion
8 Acknowledgements
9 References
9.1 Normative
References
9.2 Informative
References
A XML
Schema
B WSDL C Change
Log
This specification defines a mechanism for acquiring XML-based representations of entities using the Web service infrastructure. It defines two types of entities:
Resources, which are entities addressable by an endpoint reference that provide an XML representation
Resource factories, which are Web services that can create
a new resource
from an XML representation resources
Specifically, it defines two operations for sending and receiving the representation of a given resource and two operations for creating and deleting a resource and its corresponding representation.
Note that the state maintenance of a resource is at most subject to the "best efforts" of the hosting server. When a client receives the server's acceptance of a request to create or update a resource, it can reasonably expect that the resource now exists at the confirmed location and with the confirmed representation, but this is not a guarantee, even in the absence of any third parties. The server MAY change the representation of a resource, MAY remove a resource entirely, or MAY bring back a resource that was deleted.
For instance, the server might store resource state information on a disk drive. If that drive crashes and the server recovers state information from a backup tape, changes that occurred after the backup was made will be lost.
A server MAY have other operational processes that change resource state information. A server might run a background process that examines resources for objectionable content and deletes any such resources it finds. A server can purge resources that have not been accessed for some period of time. A server could apply storage quotas that cause it to occasionally purge resources.
In essence, the confirmation by a service of having processed a request to create, modify, or delete a resource implies a commitment only at the instant that the confirmation was generated. While the usual case is that resources are long-lived and stable, there are no guarantees, and clients are advised to code defensively.
There is no requirement for uniformity in resource representations between the messages defined in this specification. For example, the representations required by Create or Put can differ from the representation returned by Get, depending on the semantic requirements of the service. Additionally, there is no requirement that the resource content is fixed for any given endpoint reference. The resource content can vary based on environmental factors, such as the security context, time of day, configuration, or the dynamic state of the service.
A Web service that is addressable using an endpoint reference and can be represented by an XML Information Set. The representation can be retrieved using the Get operation and can be manipulated using the Put and Delete operations.
A Web service that is capable of creating new resources using the Create operation defined in this specification.
The XML Namespace URI that MUST be used by implementations of this specification is:
http://www.w3.org/2009/02/ws-trahttp://www.w3.org/2009/09/ws-tra
Table 2-1 lists XML namespaces that are used in this specification. The choice of any namespace prefix is arbitrary and not semantically significant.
Prefix | XML Namespace | Specification(s) |
---|---|---|
wst | This specification | |
s | Either SOAP 1.1 or 1.2 | SOAP |
s11 | http://schemas.xmlsoap.org/soap/envelope/ | |
s12 | http://www.w3.org/2003/05/soap-envelope | |
wsa | http://www.w3.org/2005/08/addressing | [WS-Addressing] |
wsdl | http://schemas.xmlsoap.org/wsdl/ | |
xs | http://www.w3.org/2001/XMLSchema | XML Schema |
The working group intends to update the value of the Web Services Transfer namespace URI each time a new version of this document is published until such time that the document reaches Candidate Recommendation status. Once it has reached Candidate Recommendation status, the working group intends to maintain the value of the Web Services Transfer namespace URI that was assigned in the Candidate Recommendation unless significant changes are made that impact the implementation or break post-CR implementations of the specification. Also see http://www.w3.org/2001/tag/doc/namespaceState.html and http://www.w3.org/2005/07/13-nsuri .
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC 2119] .
This specification uses the following syntax to define outlines for messages:
The syntax appears as an XML instance, but values in italics indicate data types instead of literal values.
Characters are appended to elements and attributes to indicate cardinality:
"?" (0 or 1)
"*" (0 or more)
"+" (1 or more)
The character "|" is used to indicate a choice between alternatives.
The characters "(" and ")" are used to indicate that contained items are to be treated as a group with respect to cardinality or choice.
The characters "[" and "]" are used to call out references and property names.
Ellipsis (i.e. "...") indicate points of extensibility.
XML namespace prefixes (see Table 2-1 ) are used to indicate the namespace of the element being defined.
In addition to Message Information Header properties [WS-Addressing] , this specification uses the following properties to define messages:
Unordered message headers.
The value to be used for the wsa:Action URI. IRI.
A message body.
These properties bind to a SOAP Envelope as follows:
<s:Envelope> <s:Header> [Headers] <wsa:Action>[Action]</wsa:Action> ... </s:Header> <s:Body>[Body]</s:Body> </s:Envelope>
This specification can be used in terms of XML Information Set
(Infoset) [XMLInfoset] [XML Infoset] , even
though the specification uses XML 1.0 terminology. Valid Infoset
for this specification are is the one serializable in XML 1.0, hence the use
of XML 1.0.
The elements defined in this specification MAY be extended at the points indicated by their outlines and schema. Implementations MAY add child elements and/or attributes at the indicated extension points but MUST NOT contradict the semantics of the parent and/or owner, respectively. If a receiver does not recognize an extension, the receiver SHOULD ignore that extension. Senders MAY indicate the presence of an extension that has to be understood through the use of a corresponding SOAP Header with a soap:mustUnderstand attribute with the value "1".
In cases where it is either desirable or necessary for the receiver of a request that has been extended to indicate that it has recognized and accepted the semantics associated with that extension, it is RECOMMENDED that the receiver add a corresponding extension to the response message. The definition of an extension SHOULD clearly specify how the extension that appears in the response correlates with that in the corresponding request.
Extension elements and attributes MUST NOT use the Web Services Transfer namespace URI.
An implementation is not compliant with this specification if it fails to satisfy one or more of the MUST or REQUIRED level requirements defined herein. A SOAP Node MUST NOT use the XML namespace identifier for this specification (listed in 2.2 XML Namespaces ) within SOAP Envelopes unless it is compliant with this specification.
Normative text within this specification takes precedence over the XML Schema and WSDL descriptions, which in turn take precedence over outlines, which in turn take precedence over examples.
All messages defined by this specification MUST be sent to a Web service that is addressable by an EPR (see [WS-Addressing] ).
Unless otherwise noted, all URIs
IRIs are absolute URIs IRIs and
URI IRI
comparison MUST be performed according to [RFC
3986] 3987] section 6.2.1. 5.3.1.
For any message defined by this specification, any OPTIONAL elements or attributes in the message MAY be used by senders of the message, however receivers of those messages MUST understand those OPTIONAL elements and attributes, unless other behavior is explicitly defined by this specification.
A compliant SOAP Node that implements a resource MUST provide the Get operation as defined in this specification, and MAY provide the Put and Delete operations.
This specification defines one Web service operation (Get) for fetching a one-time snapshot of the representation of a resource.
The Get request message MUST be of the following form:
[Action]http://www.w3.org/2009/02/ws-tra/Gethttp://www.w3.org/2009/09/ws-tra/Get [Body]<wst:Get Dialect=""? ...> *<wst:Get Dialect="xs:anyURI"? ...> xs:any* </wst:Get>
The following describes additional, normative constraints on the outline listed above:
This is a REQUIRED element that has no defined child element content. However, it MAY include child element content as defined by an extension(s).
When this OPTIONAL attribute is present it contains a
URI IRI
that refers to additional information for the service on how to
process this element. If the attribute is present but the dialect
URI IRI is
not known then the service MUST generate an UnknownDialect wst:UnknownDialect fault. There is no default
value for the attribute. If the attribute is absent, then the base
behavior is used.
The WS-Fragment [WS-Fragment]
specification defines this dialect URI.
IRI. Use of this URI IRI indicates that
the contents of the Get element MUST be processed as specified by
the WS-Fragment [WS-Fragment]
specification.
A Get request MUST be targeted at the resource whose representation is desired as described in 2 Terminology and Notation of this specification.
If the resource accepts a Get request, it MUST reply with a response of the following form:
[Action]http://www.w3.org/2009/02/ws-tra/GetResponsehttp://www.w3.org/2009/09/ws-tra/GetResponse [Body] <wst:GetResponse ...> xs:any* </wst:GetResponse>
The following describes additional, normative constraints on the outline listed above:
This REQUIRED element MUST have as its first child element, an element that comprises the representation of the resource. Additional extension elements MAY be included after the element representing the resource.
Other components of the outline above are not further constrained by this specification.
This operation is safe; it will not result in any side effect imputable to the requester. This means that in case of an underlying protocol error that might get unnoticed, resending the same request can be done automatically.
The following shows a sample SOAP envelope containing a Get request:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:xxx="http://fabrikam123.example.com/resource-model" > <s:Header> <wsa:ReplyTo> <wsa:Address> http://www.fabrikam123.example.org/pullport </wsa:Address> </wsa:ReplyTo> <wsa:To>http://www.example.org/repository</wsa:To> <xxx:CustomerID wsa:IsReferenceParameter="true"> 732199 </xxx:CustomerID> <xxx:Region wsa:IsReferenceParameter="true"> EMEA </xxx:Region> <wsa:Action>http://www.w3.org/2009/02/ws-tra/Gethttp://www.w3.org/2009/09/ws-tra/Get </wsa:Action> <wsa:MessageID> uuid:00000000-0000-0000-C000-000000000046 </wsa:MessageID> </s:Header> <s:Body> <wst:Get/> </s:Body> </s:Envelope>
The following shows the corresponding response message:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:xxx="http://fabrikam123.example.com/resource-model" > <s:Header> <wsa:To>http://www.fabrikam123.example.org/pullport</wsa:Address> <wsa:Action>http://www.w3.org/2009/02/ws-tra/GetResponsehttp://www.w3.org/2009/09/ws-tra/GetResponse </wsa:Action> <wsa:MessageID> uuid:0000010e-0000-0000-C000-000000000046 </wsa:MessageID> <wsa:RelatesTo> uuid:00000000-0000-0000-C000-000000000046 </wsa:RelatesTo> </s:Header> <s:Body> <wst:GetResponse> <xxx:Customer> <xxx:first>Roy</xxx:first><xxx:last>Hill</xxx:last> <xxx:address>123 Main Street</xxx:address> <xxx:city>Manhattan Beach</xxx:city> <xxx:state>CA</xxx:state> <xxx:zip>90266</xxx:zip> </xxx:Customer> </wst:GetResponse> </s:Body> </s:Envelope>
In this example, the representation of the resource is the following XML element:
<xxx:Customer> <xxx:first>Roy</xxx:first><xxx:last>Hill</xxx:last> <xxx:address>123 Main Street</xxx:address> <xxx:city>Manhattan Beach</xxx:city> <xxx:state>CA</xxx:state> <xxx:zip>90266</xxx:zip> </xxx:Customer>
This specification defines one Web service operation (Put) for
updating a resource by providing a replacement representation. A
resource MAY accept updates that provide different XML
representations than that returned by the resource; in such a case,
the semantics of the update operation is defined by the resource. http://www.w3.org/2009/02/ws-tra/Put
the resource.
Unless otherwise specified by an extension, this operation will replace the entire XML representation of the resource, and any OPTIONAL values (elements or attributes) not specified in the Put request message will be set to a resource-specific default value.
The Put request message MUST be of the following form:
[Action] http://www.w3.org/2009/09/ws-tra/Put [Body] <wst:Put Dialect="xs:anyURI"? ...> xs:any* </wst:Put>
The following describes additional, normative constraints on the outline listed above:
This REQUIRED element MUST have as its first child element, an element that comprises the representation of the resource that is to be replaced. Additional extension elements MAY be included after the element representing the resource.
When this OPTIONAL attribute is present it contains a
URI IRI
that refers to additional information for the service on how to
process this element. If the attribute is present but the dialect
URI IRI is
not known then the service MUST generate an UnknownDialect wst:UnknownDialect fault. There is no default
value for the attribute. If the attribute is absent, then the base
behavior is used.
The WS-Fragment [WS-Fragment]
specification defines this dialect URI.
IRI. Use of this URI IRI indicates that
the contents of the Put element MUST be processed as specified by
the WS-Fragment [WS-Fragment]
specification.
A Put request MUST be targeted at the resource whose representation is desired to be replaced, as described in 2 Terminology and Notation of this specification.
Implementations MAY use the fault code wst:InvalidRepresentation if the presented representation is invalid for the target resource. The replacement representation could be considered to be invalid if it does not conform to the schema(s) for the target resource or otherwise violates some cardinality or type constraint. If an implementation detects that the presented representation is invalid it MUST generate a wst:InvalidRepresentation fault.
The replacement representation could contain within it element or attribute values that are different than their corresponding values in the current representation. Such changes could affect elements or attributes that, for whatever reason, the implementation does wish to allow the client to change. An implementation MAY choose to ignore such elements or attributes, or it MAY generate a wst:PutDenied fault. See 5 Faults .
Other components of the outline above are not further constrained by this specification.
A successful Put operation updates the current representation associated with the targeted resource. An unsuccessful Put operation does not affect the resource.
If the resource accepts a Put request and performs the requested update, it MUST reply with a response of the following form:
[Action]http://www.w3.org/2009/02/ws-tra/PutResponsehttp://www.w3.org/2009/09/ws-tra/PutResponse [Body] <wst:PutResponse ...> xs:any* </wst:PutResponse>
This REQUIRED element, if it contains any child elements, MUST have as its first child element, an element that comprises the representation of the resource that has been updated. Additional extension elements MAY be included after the element representing the resource.
As an optimization and as a service to the requester, if there are no extension elements this element SHOULD be empty if the updated representation does not differ from the representation sent in the Put request message; that is, if the service accepted the new representation verbatim.
Such a response (an empty wst:PutResponse) implies that the update request was successful in its entirety (assuming no intervening mutating operations are performed). A service MAY return the current representation of the resource as the child of the wst:PutResponse element even in this case, however.
Other components of the outline above are not further constrained by this specification.
The following shows a sample SOAP envelope containing a Put request:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:xxx="http://fabrikam123.example.com/resource-model" > <s:Header> <wsa:ReplyTo> <wsa:Address> http://www.fabrikam123.example.org/sender </wsa:Address> </wsa:ReplyTo> <wsa:To>http://www.example.org/pushport</wsa:To> <xxx:CustomerID wsa:IsReferenceParameter="true"> 732199 </xxx:CustomerID> <xxx:Region wsa:IsReferenceParameter="true"> EMEA </xxx:Region> <wsa:Action>http://www.w3.org/2009/02/ws-tra/Puthttp://www.w3.org/2009/09/ws-tra/Put </wsa:Action> <wsa:MessageID> uuid:00000000-0000-0000-C000-000000000047 </wsa:MessageID> </s:Header> <s:Body> <wst:Put> <xxx:Customer> <xxx:first>Roy</xxx:first><xxx:last>Hill</xxx:last> <xxx:address>321 Main Street</xxx:address> <xxx:city>Manhattan Beach</xxx:city> <xxx:state>CA</xxx:state> <xxx:zip>90266</xxx:zip> </xxx:Customer> </wst:Put> </s:Body> </s:Envelope>
The following shows the corresponding response message indicating success:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:xxx="http://fabrikam123.example.com/resource-model" > <s:Header> <wsa:To>http://www.fabrikam123.example.org/sender</wsa:Address> <wsa:Action>http://www.w3.org/2009/02/ws-tra/PutResponsehttp://www.w3.org/2009/09/ws-tra/PutResponse </wsa:Action> <wsa:MessageID> uuid:0000010e-0000-0000-C000-000000000047 </wsa:MessageID> <wsa:RelatesTo> uuid:00000000-0000-0000-C000-000000000047 </wsa:RelatesTo> </s:Header> <s:Body> <wst:PutResponse/> </s:Body> </s:Envelope>
This specification defines one Web service operation (Delete) for deleting a resource in its entirety.
The Delete request message MUST be of the following form:
[Action]http://www.w3.org/2009/02/ws-tra/Deletehttp://www.w3.org/2009/09/ws-tra/Delete [Body] <wst:Delete Dialect="xs:anyURI"? ...> xs:any* </wst:Delete>
The following describes additional, normative constraints on the outline listed above:
This is a REQUIRED element that has no defined child element content. However, it MAY include child element content as defined by an extension(s).
When this OPTIONAL attribute is present it contains a
URI IRI
that refers to additional information for the service on how to
process this element. If the attribute is present but the dialect
URI IRI is
not known then the service MUST generate an UnknownDialect wst:UnknownDialect fault. There is no default
value for the attribute. If the attribute is absent, then the base
behavior is used.
The WS-Fragment [WS-Fragment]
specification defines this dialect URI.
IRI. Use of this URI IRI indicates that
the contents of the Delete element MUST be processed as specified
by the WS-Fragment [WS-Fragment]
specification.
A Delete request MUST be targeted at the resource to be deleted as described in 2 Terminology and Notation of this specification.
Implementations MAY respond with a fault message using the
standard fault codes defined in WS-Addressing (e.g.,
wsa:ActionNotSupported
). Other components of the
outline above are not further constrained by this
specification.
A successful Delete operation invalidates
the current representation associated with deletes the targeted resource.
If the resource accepts a Delete request, it MUST reply with a response of the following form:
[Action]http://www.w3.org/2009/02/ws-tra/DeleteResponsehttp://www.w3.org/2009/09/ws-tra/DeleteResponse [Body] <wst:DeleteResponse ...> xs:any* </wst:DeleteResponse>
This REQUIRED element MAY contain extension elements.
Other components of the outline above are not further constrained by this specification.
The following shows a sample SOAP envelope containing a Delete request:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:xxx="http://fabrikam123.example.com/resource-model" > <s:Header> <wsa:ReplyTo> <wsa:Address> http://www.fabrikam123.example.org/sender </wsa:Address> </wsa:ReplyTo> <wsa:To>http://www.example.org/pushport</wsa:To> <xxx:CustomerID wsa:IsReferenceParameter="true"> 732199 </xxx:CustomerID> <xxx:Region wsa:IsReferenceParameter="true"> EMEA </xxx:Region> <wsa:Action>http://www.w3.org/2009/02/ws-tra/Deletehttp://www.w3.org/2009/09/ws-tra/Delete </wsa:Action> <wsa:MessageID> uuid:00000000-0000-0000-C000-000000000049 </wsa:MessageID> </s:Header> <s:Body> <wst:Delete/> </s:Body> </s:Envelope>
The following shows the corresponding response message indicating success:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:xxx="http://fabrikam123.example.com/resource-model" > <s:Header> <wsa:To>http://www.fabrikam123.example.org/sender</wsa:Address> <wsa:Action>http://www.w3.org/2009/02/ws-tra/DeleteResponsehttp://www.w3.org/2009/09/ws-tra/DeleteResponse </wsa:Action> <wsa:MessageID> uuid:0000010e-0000-0000-C000-000000000049 </wsa:MessageID> <wsa:RelatesTo> uuid:00000000-0000-0000-C000-000000000049 </wsa:RelatesTo> </s:Header> <s:Body> <wst:DeleteResponse/> </s:Body> </s:Envelope>
This specification defines one Web service operation (Create) for creating a resource and providing its initial representation. In some cases, the initial representation MAY constitute the representation of a logical constructor for the resource and can thus differ structurally from the representation returned by Get or the one required by Put. This is because the parameterization requirement for creating a resource is often distinct from the steady-state representation of the resource. Implementations SHOULD provide metadata which describes the use of the representation and how it relates to the resource which is created, but such mechanisms are beyond the scope of this specification. The resource factory that receives a Create request will allocate a new resource that is initialized from the presented representation. The new resource will be assigned a service-determined endpoint reference that is returned in the response message.
The Create request message MUST be of the following form:
[Action]http://www.w3.org/2009/02/ws-tra/Createhttp://www.w3.org/2009/09/ws-tra/Create [Body] <wst:Create Dialect="xs:anyURI"? ...> xs:any* </wst:Create>
The following describes additional, normative constraints on the outline listed above:
This REQUIRED element MAY contain zero or more child elements. If this element does not contain a child element then the resource will be created using default values. The first child element, if present, MUST be the literal resource representation, a representation of the constructor for the resource, or other instructions for creating the resource. Additional extension elements MAY be included only after the mandated first child element.
When this OPTIONAL attribute is present it contains a
URI IRI
that refers to additional information for the service on how to
process this element. If the attribute is present but the dialect
URI IRI is
not known then the service MUST generate an UnknownDialect wst:UnknownDialect fault. There is no default
value for the attribute. If the attribute is absent, then the base
behavior is used.
The WS-Fragment [WS-Fragment]
specification defines this dialect URI.
IRI. Use of this URI IRI indicates that
the contents of the Create element MUST be processed as specified
by the WS-Fragment [WS-Fragment]
specification.
A Create request MUST be targeted at a resource factory capable of creating the desired new resource. This factory is distinct from the resource being created (which by definition does not exist prior to the successful processing of the Create request message).
In addition to the standard fault codes defined in WS-Addressing, implementations MAY use the fault code wst:InvalidRepresentation if the presented representation is invalid for the target resource. See 5 Faults .
Other components of the outline above are not further constrained by this specification.
If the resource factory accepts a Create request, it MUST reply with a response of the following form:
[Action]http://www.w3.org/2009/02/ws-tra/CreateResponsehttp://www.w3.org/2009/09/ws-tra/CreateResponse [Body] <wst:CreateResponse ...> <wst:ResourceCreated>endpoint-reference</wst:ResourceCreated> xs:any* </wst:CreateResponse>
This REQUIRED element MUST have as its first child element an Endpoint Reference (wst:ResourceCreated element) to the newly created resource.
A service MUST also return the current representation of the new resource as the second child of the wst:CreateResponse element if the created representation logically differs from the representation sent in the Create request message. That is, the initial representation is returned if one or more values present in Create message was specifically overridden with a different value during resource creation. If default values are used to complete a resource creation which were not present in the Create message, then this does not constitute a logical difference.
As an optimization and as a service to the requestor, the wst:CreateResponse element of the response message SHOULD be empty, other than the ResourceCreated element, if the created representation does not logically differ from the representation sent in the Create request message and there are no extension elements; that is, if the service accepted the new representation or creation instructions verbatim. Such a response indicates that the request was completely successful (assuming no intervening mutating operations are performed). A service MAY return the current representation of the resource as the second child of the wst:CreateResponse element even in this case, however.
Additional extension elements MAY be included after the element representing the resource.
This required element MUST contain a
resource be an endpoint reference
for the newly created resource. This resource
reference, represented as an endpoint reference as defined in WS-Addressing, MUST identify the
resource for future Get, Put, and Delete operations.
Other components of the outline above are not further constrained by this specification.
The following shows a sample SOAP envelope containing a Create request:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:xxx="http://fabrikam123.example.com/resource-model" > <s:Header> <wsa:ReplyTo> <wsa:Address> http://www.fabrikam123.example.org/sender </wsa:Address> </wsa:ReplyTo> <wsa:To>http://www.example.org/pushport/CustomerSpace</wsa:To> <wsa:Action>http://www.w3.org/2009/02/ws-tra/Createhttp://www.w3.org/2009/09/ws-tra/Create </wsa:Action> <wsa:MessageID> uuid:00000000-0000-0000-C000-000000000048 </wsa:MessageID> </s:Header> <s:Body> <wst:Create> <xxx:Customer> <xxx:first>Roy</xxx:first><xxx:last>Hill</xxx:last> <xxx:address>123 Main Street</xxx:address> <xxx:city>Manhattan Beach</xxx:city> <xxx:state>CA</xxx:state> <xxx:zip>90266</xxx:zip> </xxx:Customer> </wst:Create> </s:Body> </s:Envelope>
The following shows the corresponding response message indicating success:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing"xmlns:wst="http://www.w3.org/2009/02/ws-tra"xmlns:wst="http://www.w3.org/2009/09/ws-tra" xmlns:xxx="http://fabrikam123.example.com/resource-model" > <s:Header> <wsa:To>http://www.fabrikam123.example.org/sender</wsa:Address> <wsa:Action>http://www.w3.org/2009/02/ws-tra/CreateResponsehttp://www.w3.org/2009/09/ws-tra/CreateResponse </wsa:Action> <wsa:MessageID> uuid:0000010e-0000-0000-C000-000000000048 </wsa:MessageID> <wsa:RelatesTo> uuid:00000000-0000-0000-C000-000000000048 </wsa:RelatesTo> </s:Header> <s:Body> <wst:CreateResponse> <wst:ResourceCreated> <wsa:Address>http://www.example.org/pushport</wsa:Address> <wsa:ReferenceParameters> <xxx:CustomerID>732199</xxx:CustomerID> <xxx:Region>EMEA</xxx:Region> </wsa:ReferenceParameters> </wst:ResourceCreated> </wst:CreateResponse> </s:Body> </s:Envelope>
All fault messages defined in this specification MUST be sent according to the rules and usage described in [WS-Addressing 1.0 SOAP Binding] Section 6 for encoding SOAP 1.1 and SOAP 1.2 faults. The [Action] property below MUST be used for faults defined in this specification:
http://www.w3.org/2009/02/ws-tra/faulthttp://www.w3.org/2009/09/ws-tra/fault
The definitions of faults in this section use the following properties:
[Code] The fault code.
[Subcode] The fault subcode.
[Reason] The English language reason element.
[Detail] The detail element. If absent, no detail element is
defined for the fault.
For SOAP 1.2, the [Code] property MUST be either "Sender" or "Receiver". These properties are serialized into text XML as follows:
SOAP Version | Sender | Receiver |
---|---|---|
SOAP 1.2 | s12:Sender | s12:Receiver |
The properties above bind to a SOAP 1.2 fault as follows:
<s12:Envelope><s12:Header> <wsa:Action> </wsa:Action> <!-- Headers elided for brevity. --> </s12:Header> <s12:Body> <s12:Fault> <s12:Code> <s12:Value></s12:Value> <s12:Subcode> <s12:Value></s12:Value> </s12:Subcode> </s12:Code> <s12:Reason> <s12:Text xml:lang="en"></s12:Text> </s12:Reason> <s12:Detail> ... </s12:Detail> </s12:Fault> </s12:Body><s12:Header> <wsa:Action> [Action] </wsa:Action> <!-- Headers elided for brevity. --> </s12:Header> <s12:Body> <s12:Fault> <s12:Code> <s12:Value>[Code]</s12:Value> <s12:Subcode> <s12:Value>[Subcode]</s12:Value> </s12:Subcode> </s12:Code> <s12:Reason> <s12:Text xml:lang="en">[Reason]</s12:Text> </s12:Reason> <s12:Detail> [Detail] ... </s12:Detail> </s12:Fault> </s12:Body> </s12:Envelope>
The properties bind to a SOAP 1.1 fault as follows:
<s11:Envelope> <s11:Body> <s11:Fault> <faultcode> [Subcode] </faultcode> <faultstring xml:lang="en"> [Reason] </faultstring> <detail> [Detail] ... </detail> </s11:Fault> </s11:Body> </s11:Envelope>
This fault is generated when an incorrect representation is sent in a wst:Put or wst:Create message.
[Code] | s:Sender |
---|---|
[Subcode] | wst:InvalidRepresentation |
[Reason] | The supplied representation is invalid |
[Detail] | none |
This fault is generated when a service detects an unknown
Dialect URI IRI in a request message.
[Code] | s:Sender |
---|---|
[Subcode] | wst:UnknownDialect |
[Reason] | The specified Dialect |
[Detail] | The unknown |
This fault is generated when a Put request message attempts to modify a portion of a resource but is not allowed to do so.
[Code] | s:Sender |
---|---|
[Subcode] | wst:UpdateDenied |
[Reason] | One or more elements or attributes cannot be updated. |
[Detail] | An |
It is strongly RECOMMENDED that the communication between services be secured using the mechanisms described in [WS-Security] .
In order to properly secure messages, the body (even if empty)
and all relevant headers need to be included in the signature.
Specifically, the WS-Addressing header blocks, WS-Security
timestamp, and any header blocks resulting from a
<wsa:ReferenceParameters>
in references need to
be signed along with the body in order to "bind" them together and
prevent certain types of attacks.
If a requestor is issuing multiple messages to a resource reference, then it is RECOMMENDED that a security context be established using the mechanisms described in WS-Trust and WS-SecureConversation. It is further RECOMMENDED that if shared secrets are used, message-specific derived keys also be used to protect the secret from crypto attacks.
The access control semantics of resource references is out-of-scope of this specification and are specific to each resource reference. Similarly, any protection mechanisms on resource references independent of transfer (e.g. embedded signatures and encryption) are also out-of-scope.
It is RECOMMENDED that the security considerations of WS-Security also be considered.
While a comprehensive listing of attacks is not feasible, the following list summarizes common classes of attacks that apply to this protocol and identifies the mechanism(s) to prevent/mitigate the attacks.
Replay - Messages, or portions of messages, can be replayed in an attempt to gain access or disrupt services. Freshness checks such as timestamps, digests, and sequences can be used to detect duplicate messages.
Invalid tokens - There are a number of token attacks including certificate authorities, false signatures, and PKI attacks. Care SHOULD be taken to ensure each token is valid (usage window, digest, signing authority, revocation, ...), and that the appropriate delegation policies are in compliance.
Man-in-the-middle - The message exchanges in this specification could be subject to man-in-the-middle attacks so care SHOULD be taken to reduce possibilities here such as establishing a secure channel and verifying that the security tokens user represent identities authorized to speak for, or on behalf of, the desired resource reference.
Message alteration - Alteration is prevented by including signatures of the message information using WS-Security. Care SHOULD be taken to review message part references to ensure they haven't been forged (e.g. ID duplication).
Message disclosure - Confidentiality is preserved by encrypting sensitive data using WS-Security.
Key integrity - Key integrity is maintained by using the strongest algorithms possible (by comparing secured policies - see [WS-Policy] and [WS-SecurityPolicy] and by using derived keys ( [WS-SecureConversation] ).
Authentication - Authentication is established using the mechanisms described in WS-Security and WS-Trust. Each message is authenticated using the mechanisms described in WS-Security.
Accountability - Accountability is a function of the type of and string of the key and algorithms being used. In many cases, a strong symmetric key provides sufficient accountability. However, in some environments, strong PKI signatures are required.
Availability - All reliable messaging services are subject to a variety of availability attacks. Replay detection is a common attack and it is RECOMMENDED that this be addressed by the mechanisms described in WS-Security. Other attacks, such as network-level denial of service attacks are harder to avoid and are outside the scope of this specification. That said, care SHOULD be taken to ensure that minimal state is saved prior to any authenticating sequences.
An endpoint MAY indicate that it supports WS-Transfer, or its
features, by including the WS-Transfer Policy assertion(s) assertion
within its WSDL. By doing so the endpoint is indicating that the
corresponding WS-Transfer operations are supported by that endpoint
even though they do not explicitly appear in its WSDL.
The WS-Transfer WSDL containing the operations indicated by the TransferResource Assertion MAY be exposed as described in WS-MetadataExchange [WS-MetadataExchange] Section 9. This WS-Transfer WSDL can be annotated to indicate any endpoint specific metadata that might be needed by clients interacting with this service. For example, the WSDL MAY have policy assertions that indicate a particular security mechanism used to protect the WS-Transfer operations supported by this endpoint.
The mechanism for indicating that a binding or endpoint conforms to the WS-Transfer specification's definition of a Transfer Resource is through the use of the Web Services Policy - Framework [WS-Policy] and Web Services Policy - Attachment [WS-Policy Attachment] specifications.
This specification defines a policy assertion (wst:TransferResource). The wst:TransferResource policy assertion applies to the endpoint policy subject.
For WSDL 1.1, these assertions MAY be attached to wsdl11:port or wsdl11:binding. For WSDL 2.0, they MAY be attached to wsdl20:endpoint or wsdl20:binding. A policy expression containing the wst:TransferResource policy assertion MUST NOT be attached to a wsdl:portType or wsdl20:interface.
The wst:TransferResource policy assertion is a nested policy container assertion. The meaning of this assertion, when present in a policy alternative, is that WS-Transfer is required to communicate with the subject and that the subject is a WS-Transfer Resource.
In order to indicate that the subject supports WS-Transfer but does not require its use, an additional policy alternative SHOULD be provided which does not contain this assertion. The compact authoring style for an OPTIONAL policy assertion (the wsp:Optional attribute) provided by WS-Policy MAY be used to indicate two policy alternatives, one which contains the policy assertion, and another which does not.
The normative outline of this assertion is:
<wst:TransferResource ...> <wst:PutOperationSupported .../> ? <wst:DeleteOperationSupported .../> ? <wst:FaultOnPutDenied.../> ? <wst:Dialect ...> xs:anyURI </wst:Dialect> * <wst:Resource ...> xs:QName </wst:Resource> ? ... </wst:TransferResource>
The following describes additional, normative constraints on the outline listed above:
This policy assertion specifies that WS-Transfer protocol MUST be used when communicating with this endpoint and that the subject is a Transfer Resource. This assertion has Endpoint Policy Subject. Unless support for OPTIONAL operations is explicitly indicated by either the PutOperationSupported or DeleteOperationSupported parameters only the Get operation is supported.
When present, this OPTIONAL parameter indicates that the Put operation is supported by this endpoint.
When present, this OPTIONAL parameter indicates that the Delete operation is supported by this endpoint.
When present, this OPTIONAL parameter indicates that attempts to change portions of the representation that are read-only will generate a wst:PutDenied fault. If this parameter is not present, attempts to modify read-only portions of the resource representation will be ignored without any fault being generated.
When present, this OPTIONAL parameter indicates support for the specified Dialect IRI.
When present, this OPTIONAL parameter provides the QName referencing the Global Element Declaration (GED) or type of this resource. This QName can be used in order to retrieve the schema of the resource.
The mechanism for indicating that a binding or endpoint conforms to the WS-Transfer specification's definition of a Transfer Resource Factory is through the use of the Web Services Policy - Framework [WS-Policy] and Web Services Policy - Attachment [WS-Policy Attachment] specifications.
This specification defines a policy assertion (wst:TransferResourceFactory). The wst:TransferResourceFactory policy assertion applies to the endpoint policy subject.
For WSDL 1.1, these assertions MAY be attached to wsdl11:port or wsdl11:binding. For WSDL 2.0, they MAY be attached to wsdl20:endpoint or wsdl20:binding. A policy expression containing the wst:TransferResourceFactory policy assertion MUST NOT be attached to a wsdl:portType or wsdl20:interface.
The wst:TransferResourceFactory policy assertion is a nested policy container assertion. The meaning of this assertion, when present in a policy alternative, is that WS-Transfer is required to communicate with the subject and that the subject is a WS-Transfer Resource Factory.
In order to indicate that the subject supports WS-Transfer but does not require its use, an additional policy alternative SHOULD be provided which does not contain this assertion. The compact authoring style for an OPTIONAL policy assertion (the wsp:Optional attribute) provided by WS-Policy MAY be used to indicate two policy alternatives, one which contains the policy assertion, and another which does not.
The normative outline of this assertion is:
<wst:TransferResourceFactory ...> <wst:Dialect ...> xs:anyURI </wst:Dialect> * ... </wst:TransferResourceFactory>
The following describes additional, normative constraints on the outline listed above:
This policy assertion specifies that WS-Transfer Create operation MUST be used when communicating with this endpoint. This assertion has Endpoint Policy Subject.
When present, this OPTIONAL parameter indicates support for the specified Dialect IRI.
This specification has been developed as a result of joint work
with many individuals and teams, including: Ashok Malhotra (Oracle
Corp.), Asir Vedamuthu (Microsoft Corp.), Bob Freund (Hitachi,
Ltd.), Doug Davis (IBM), Fred Maciel (Hitachi, Ltd.), Geoff Bullen
(Microsoft Corp.), Gilbert Pilz (Oracle Corp.), Greg Carpenter
(Microsoft Corp.), Jeff Mischkinsky (Oracle Corp.), Katy Warr
(IBM), Li Li (Avaya Communications), Mark Little (Red Hat), Prasad
Yendluri (Software AG), Ram Jeyaraman (Microsoft Corp.), Sreedhara
Narayanaswamy (CA), Sumeet Vij (Software AG), Vikas Varma (Software
AG), Wu Chou (Avaya Communications), Yves Lafon (W3C) (W3C).
A normative copy of the XML Schema [XML
Schema, [XMLSchema - Part 1] , [XML Schema, [XMLSchema - Part 2] description for this
specification can be retrieved from the following address:
http://www.w3.org/2009/02/ws-tra/transfer.xsdhttp://www.w3.org/2009/09/ws-tra/transfer.xsd
A non-normative copy of the XML schema is listed below for
convenience.<xs:schema
targetNamespace="http://www.w3.org/2009/02/ws-tra"
xmlns:tns="http://www.w3.org/2009/02/ws-tra" convenience.
<xs:schema targetNamespace="http://www.w3.org/2009/09/ws-tra" xmlns:tns="http://www.w3.org/2009/09/ws-tra" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://www.w3.org/2005/08/addressing" elementFormDefault="qualified" blockDefault="#all" > <xs:import namespace="http://www.w3.org/2005/08/addressing" schemaLocation="http://www.w3.org/2006/03/addressing/ws-addr.xsd" /> <xs:element name="Get"> <xs:complexType> <xs:sequence> <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" /> </xs:sequence> <xs:attribute name="Dialect" type="xs:anyURI" use="optional" /> <xs:anyAttribute namespace="##other" processContents="lax" /> </xs:complexType> </xs:element> <xs:element name="GetResponse"> <xs:complexType> <xs:sequence> <xs:any minOccurs="1" maxOccurs="unbounded" namespace="##other" processContents="lax" /> </xs:sequence> <xs:anyAttribute namespace="##other" processContents="lax" /> </xs:complexType> </xs:element> <xs:element name="Put"> <xs:complexType> <xs:sequence> <xs:any minOccurs="1" maxOccurs="unbounded" namespace="##other" processContents="lax" /> </xs:sequence> <xs:attribute name="Dialect" type="xs:anyURI" use="optional" /> <xs:anyAttribute namespace="##other" processContents="lax" /> </xs:complexType> </xs:element> <xs:element name="PutResponse"> <xs:complexType> <xs:sequence> <xs:any minOccurs="1" namespace="##other" processContents="lax" /> </xs:sequence> <xs:anyAttribute namespace="##other" processContents="lax" /> </xs:complexType> </xs:element> <xs:element name="Delete"> <xs:complexType> <xs:sequence> <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" /> </xs:sequence> <xs:attribute name="Dialect" type="xs:anyURI" use="optional" /> <xs:anyAttribute namespace="##other" processContents="lax" /> </xs:complexType> </xs:element> <xs:element name="DeleteResponse"> <xs:complexType> <xs:sequence> <xs:any minOccurs="0" namespace="##other" processContents="lax" /> </xs:sequence> <xs:anyAttribute namespace="##other" processContents="lax" /> </xs:complexType> </xs:element> <xs:element name="Create"> <xs:complexType> <xs:sequence> <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" /> </xs:sequence> <xs:attribute name="Dialect" type="xs:anyURI" use="optional" /> <xs:anyAttribute namespace="##other" processContents="lax" /> </xs:complexType> </xs:element> <xs:element name="CreateResponse"> <xs:complexType> <xs:sequence> <xs:element name="ResourceCreated" type="wsa:EndpointReferenceType" /> <xs:any minOccurs="0" namespace="##other" processContents="lax" /> </xs:sequence> <xs:anyAttribute namespace="##other" processContents="lax" /> </xs:complexType> </xs:element></xs:schema> B WSDLA normative copy of the WSDL [WSDL 1.1] description for this specification can be retrieved from the following address: http://www.w3.org/2009/02/ws-tra/transfer.wsdl<!-- Policy --> <xs:complexType name="URI"> <xs:simpleContent> <xs:extension base="xs:anyURI"> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:extension> </xs:simpleContent> </xs:complexType> <xs:complexType name="Empty"> <xs:sequence/> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:complexType> <xs:element name="TransferResource"> <xs:complexType> <xs:sequence> <xs:element name="PutOperationSupported" type="tns:Empty" minOccurs="0"/> <xs:element name="DeleteOperationSupported" type="tns:Empty" minOccurs="0"/> <xs:element name="FaultOnPutDenied" type="tns:Empty" minOccurs="0"/> <xs:element name="Dialect" type="tns:URI" minOccurs="0" maxOccurs="unbounded"/> <xs:element name="Resource" type="xs:QName" minOccurs="0"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:anyAttribute namespace="##other" processContents="lax" /> </xs:complexType> </xs:element>A non-normative copy of the WSDL description is listed below for convenience.<wsdl:definitions targetNamespace="http://www.w3.org/2009/02/ws-tra" xmlns:tns="http://www.w3.org/2009/02/ws-tra" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:xs="http://www.w3.org/2001/XMLSchema"> <wsdl:types> <xs:schema> <xs:import namespace="http://www.w3.org/2009/02/ws-tra" schemaLocation="http://www.w3.org/2009/02/ws-tra/transfer.xsd" /> </xs:schema> </wsdl:types> <wsdl:message name="GetMessage"> <wsdl:part name="Body" element="tns:Get"/> </wsdl:message> <wsdl:message name="GetResponseMessage"> <wsdl:part name="Body" element="tns:GetResponse"/> </wsdl:message> <wsdl:message name="PutMessage"> <wsdl:part name="Body" element="tns:Put"/> </wsdl:message> <wsdl:message name="PutResponseMessage"> <wsdl:part name="Body" element="tns:PutResponse"/> </wsdl:message> <wsdl:message name="DeleteMessage"> <wsdl:part name="Body" element="tns:Delete"/> </wsdl:message> <wsdl:message name="DeleteResponseMessage"> <wsdl:part name="Body" element="tns:DeleteResponse"/> </wsdl:message> <wsdl:message name="CreateMessage"> <wsdl:part name="Body" element="tns:Create"/> </wsdl:message> <wsdl:message name="CreateResponseMessage"> <wsdl:part name="Body" element="tns:CreateResponse"/> </wsdl:message> <wsdl:portType name="Resource"> <wsdl:documentation> This port type defines a resource that can be read, written, and deleted. </wsdl:documentation> <wsdl:operation name="Get"> <wsdl:input message="tns:GetMessage" wsam:Action="http://www.w3.org/2009/02/ws-tra/Get"/> <wsdl:output message="tns:GetResponseMessage" wsam:Action="http://www.w3.org/2009/02/ws-tra/GetResponse" /> </wsdl:operation> <wsdl:operation name="Put"> <wsdl:input message="tns:PutMessage" wsam:Action="http://www.w3.org/2009/02/ws-tra/Put" /> <wsdl:output message="tns:PutResponseMessage" wsam:Action="http://www.w3.org/2009/02/ws-tra/PutResponse" /> </wsdl:operation> <wsdl:operation name="Delete"> <wsdl:input message="tns:DeleteMessage" wsam:Action="http://www.w3.org/2009/02/ws-tra/Delete" /> <wsdl:output message="tns:DeleteResponseMessage" wsam:Action="http://www.w3.org/2009/02/ws-tra/DeleteResponse" /> </wsdl:operation> </wsdl:portType><xs:element name="TransferResourceFactory"> <xs:complexType> <xs:sequence> <xs:element name="Dialect" type="tns:URI" minOccurs="0" maxOccurs="unbounded"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:anyAttribute namespace="##other" processContents="lax" /> </xs:complexType> </xs:element><wsdl:portType name="ResourceFactory"> <wsdl:documentation> This port type defines a Web service that can create new resources. </wsdl:documentation> <wsdl:operation name="Create"> <wsdl:input message="tns:CreateMessage" wsam:Action="http://www.w3.org/2009/02/ws-tra/Create" /> <wsdl:output message="tns:CreateResponseMessage" wsam:Action="http://www.w3.org/2009/02/ws-tra/CreateResponse" /> </wsdl:operation> </wsdl:portType> </wsdl:definitions></xs:schema>
Data | Author | Description |
---|---|---|
2009/03/04 | DD | Added resolution of issue 6391 |
2009/03/04 | DD | Added resolution of issue 6588 |
2009/03/04 | DD | Added resolution of issue 6519 |
2009/03/09 | DD | Added resolution of issue 6398 |
2009/03/11 | DD | Added change log |
2009/03/11 | DD | Added resolution of issue 6641 |
2009/03/11 | DD | Added resolution of issue 6425 |
2009/03/23 | DD | Added resolution of issue 6666 |
2009/03/24 | DD | Added resolution of issue 6648 |
2009/04/20 | DD | Added resolution of issue 6730 |
2009/04/22 | KW | Added resolution of issue 6739 |
2009/05/12 | DD | Added resolution of issue 6433 |
2009/05/13 | DD | Added resolution of issues 6672 , 6673 , 6594 |
2009/05/19 | DD | Added resolution of issue 6849 |
2009/05/19 | DD | Added resolution of issue 6907 |
2009/05/21 | DD | Added resolution of issue 6674 |
2009/05/27 | DD | Added resolution of issue 6906 |
2009/06/10 | DD | Added resolution of issue 6712 |
2009/06/10 | DD | Added resolution of issue 6924 |
2009/07/07 | DD | Added resolution of issues 7014 ,6975 ,6413 |
2009/08/05 | DD | Added resolution of issue 7159 |
2009/08/18 | DD | Added resolution of issue 7206 |
2009/08/18 | DD | Added resolution of issue 7191 |
2009/08/25 | DD | Added resolution of issue 7365 |
2009/08/25 | DD | Added resolution of issue 7270 |
2009/09/01 | DD | Added resolution of issue 6704 |
2009/09/02 | DD | Added resolution of issue 6694 |
2009/09/02 | DD | Added resolution of issue 6533 |
2009/09/16 | DD | Added resolution of issue 7486 |
2009/09/23 | DD | Added resolution of issue 6572 |
2009/10/02 | DD | Added resolution of issue 7426 |
2009/10/05 | DD | Added resolution of issue 7731 ,6721 |