Web
Services Transfer (WS-Transfer)
Latest version:
http://www.w3.org/TR/ws-transfer
Previous
version:
http://www.w3.org/TR/2009/WD-ws-transfer-20090317
Editors:
Doug Davis, IBM
Ashok Malhotra, Oracle
Katy Warr, IBM
Wu Chou, Avaya
Copyright © 2009 W3C®
(MIT,
ERCIM,
Keio), All Rights Reserved. W3C liability,
trademark
and document
use rules apply.
This specification describes a general
SOAP-based protocol for accessing XML representations of Web service-based
resources.
This document is an
editors' copy that has no official standing.
1 Introduction
1.1 Requirements
2 Terminology and Notation
2.1 Terminology
2.2 XML Namespaces
2.3 Notational Conventions
2.4 Considerations on the Use of
Extensibility Points
2.5 Compliance
3 Resource Operations
3.1 Get
3.2 Put
3.3 Delete
4 Resource Factory Operations
4.1 Create
5 Faults
5.1 InvalidRepresentation
5.2 UnknownDialect
5.3 PutDenied
6 Security Considerations
7 Acknowledgements
8 References
A XML Schema
B WSDL
C Change Log
This specification defines a mechanism for
acquiring XML-based representations of entities using the Web service
infrastructure. It defines two types of entities:
·
Resources, which are entities addressable by
an endpoint reference that provide an XML representation
·
Resource factories, which are Web services
that can create a new resource from an XML representation
Specifically, it defines two operations for
sending and receiving the representation of a given resource and two operations
for creating and deleting a resource and its corresponding representation.
It should be nNoted
that the state maintenance of a resource is at most subject to the "best
efforts" of the hosting server. When a client receives the server's
acceptance of a request to create or update a resource, it can reasonably
expect that the resource now exists at the confirmed location and with the
confirmed representation, but this is not a guarantee, even in the absence of
any third parties. The server may MAY change the
representation of a resource, may MAY remove a
resource entirely, or may MAY bring back a
resource that was deleted.
For instance, the server may might store
resource state information on a disk drive. If that drive crashes and the
server recovers state information from a backup tape, changes that occurred
after the backup was made will be lost.
A server may MAY have
other operational processes that change resource state information. A server may might run
a background process that examines resources for objectionable content and
deletes any such resources it finds. A server may can purge
resources that have not been accessed for some period of time. A server may could apply
storage quotas that cause it to occasionally purge resources.
In essence, the confirmation by a service of
having processed a request to create, modify, or delete a resource implies a
commitment only at the instant that the confirmation was generated. While the
usual case is
should be that resources are
long-lived and stable, there are no guarantees, and clients should are advised to code
defensively.
There is no requirement for uniformity in
resource representations between the messages defined in this specification.
For example, the representations required by Create or Put may can differ
from the representation returned by Get, depending on the semantic requirements
of the service. Additionally, there is no requirement that the resource content
is fixed for any given endpoint reference. The resource content may can vary
based on environmental factors, such as the security context, time of day,
configuration, or the dynamic state of the service.
As per the SOAP processing model, other
specifications may MAY define SOAP
headers which may can be optionally
added to request messages to require the transfer of subsets or the application
of transformations of the resource associated with the endpoint reference. When
the Action URIs defined by this specification are
used, such extension specifications must also allow the basic processing models
defined herein.
This specification intends to meet the
following requirements:
·
Provide a SOAP-based protocol for managing
resources and their representations.
·
Minimize additional mechanism beyond the
current Web Services architecture.
Resource
A Web service that is addressable using an endpoint
reference and can be represented by an XML Information Set. The representation can be retrieved using
the Get operation and can be manipulated using the Put and Delete operations.
Resource factory
A Web service that is capable of creating new resources using the Create
operation defined in this specification.
The XML Namespace URI that MUST be used by
implementations of this specification is:
Table 2-1 lists XML
namespaces that are used in this specification. The choice of any namespace
prefix is arbitrary and not semantically significant.
|
Table 2-1: Prefixes
and XML Namespaces used in this specification. |
||
|
Prefix |
XML Namespace |
Specification(s) |
|
wst |
This specification |
|
|
s |
Either SOAP 1.1 or 1.2 |
SOAP |
|
s11 |
||
|
s12 |
||
|
wsa |
||
|
wsdl |
||
|
xs |
XML Schema [XML
Schema, Part 1], [XML Schema, Part 2] |
|
The working group intends to update the value of the Web
Services Transfer namespace URI each time a new version of this document is
published until such time that the document reaches Candidate Recommendation
status. Once it has reached Candidate Recommendation status, the working group
intends to maintain the value of the Web Services Transfer namespace URI that
was assigned in the Candidate Recommendation unless significant changes are
made that impact the implementation or break post-CR implementations of the
specification. Also see http://www.w3.org/2001/tag/doc/namespaceState.html
and http://www.w3.org/2005/07/13-nsuri
.
The keywords "MUST", "MUST
NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED",
"MAY", and "OPTIONAL" in this document are to be
interpreted as described in RFC 2119 [RFC 2119].
This specification uses the following syntax to define
outlines for messages:
·
The syntax appears as an XML instance, but
values in italics indicate data types instead of literal values.
·
Characters are appended to elements and
attributes to indicate cardinality:
o "?" (0 or 1)
o "*" (0 or more)
o "+" (1 or more)
·
The character "|" is used to
indicate a choice between alternatives.
·
The characters "(" and
")" are used to indicate that contained items are to be treated as a
group with respect to cardinality or choice.
·
The characters "[" and
"]" are used to call out references and property names.
·
Ellipsis
(i.e. "...") indicate points of
extensibility.
·
XML namespace prefixes (see Table 2-1) are used to indicate the namespace of the
element being defined.
In addition to Message Information Header properties [WS-Addressing], this specification uses the following
properties to define messages:
[Headers]
Unordered message headers.
[Action]
The value to be used for the wsa:Action URI.
[Body]
A message body.
These properties bind to a SOAP Envelope as follows:
<s:Envelope>
<s:Header>
[Headers]
<wsa:Action>[Action]</wsa:Action>
...
</s:Header>
<s:Body>[Body]</s:Body>
</s:Envelope>
The elements defined in this specification
MAY be extended at the points indicated by their outlines and schema.
Implementations MAY add child elements and/or attributes at the indicated extension
points but MUST NOT contradict the semantics of the parent and/or owner,
respectively. If a receiver does not recognize an extension, the receiver
SHOULD ignore that extension. Senders MAY indicate the presence of an extension
that has to be understood through the use of a corresponding SOAP Header with a
soap:mustUnderstand
attribute with the value "1".
Extension elements and attributes MUST NOT
use the Web Services Transfer namespace URI.
An implementation is not compliant with this
specification if it fails to satisfy one or more of the MUST or REQUIRED level
requirements defined herein. A SOAP Node MUST NOT use the XML namespace
identifier for this specification (listed in 2.2 XML Namespaces) within SOAP Envelopes unless
it is compliant with this specification.
Normative text within this specification takes precedence
over the XML Schema and WSDL descriptions, which in turn take precedence over
outlines, which in turn take precedence over examples.
All messages defined by this specification MUST be sent
to a Web service that is addressable by an EPR (see [WS-Addressing]).
A compliant SOAP Node that implements a resource MUST provide
the Get operation as defined in this specification, and MAY provide the Put and
Delete operations.
This specification defines one Web service
operation (Get) for fetching a one-time snapshot of the representation of a
resource.
The Get request message MUST be of the
following form:
[Action]
http://www.w3.org/2009/02/ws-tra/Get
[Body]
<wst:Get Dialect="xs:anyURI"?
...>
xs:any*
</wst:Get>
The following describes additional, normative
constraints on the outline listed above:
[Body]/wst:Get
This
is a REQUIRED element that has no defined child element content. However, it
MAY include child element content as defined by an extension(s).
[Body]/wst:Get@Dialect
When
this OPTIONAL attribute is present it contains a URI that refers to additional
information for the service on how to process this element. If the attribute is
present but the dialect URI is not known then the service MUST generate an UnknownDialect fault. There is no default value for the
attribute. If the attribute is absent, then the base behavior is used.
[Body]/wst:Get@Dialect="http://www.w3.org/2009/02/ws-frag"
The
WS-Fragment [WS-Fragments] specification
defines this dialect URI. Use of this URI indicates that the contents of the
Get element MUST be processed as specified by the WS-Fragment [WS-Fragments]
specification.
A Get request MUST be targeted at the resource whose
representation is desired as described in 2
Terminology and Notation of this specification.
If the resource accepts a Get request, it MUST reply with
a response of the following form:
[Action]
http://www.w3.org/2009/02/ws-tra/GetResponse
[Body]
<wst:GetResponse
...>
xs:any*
</wst:GetResponse>
The following describes additional, normative constraints
on the outline listed above:
[Body]/wst:GetResponse
This REQUIRED element MUST have as its first
child element, an element that comprises the representation of the resource.
Additional extension elements MAY be included after the element representing
the resource.
Other components of the outline above are not further
constrained by this specification.
The following shows a sample SOAP envelope containing a
Get request:
<s:Envelope
xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:xxx="http://fabrikam123.example.com/resource-model"
>
<s:Header>
<wsa:ReplyTo>
<wsa:Address>
http://www.fabrikam123.example.org/pullport
</wsa:Address>
</wsa:ReplyTo>
<wsa:To>http://www.example.org/repository</wsa:To>
<xxx:CustomerID wsa:IsReferenceParameter="true">
732199
</xxx:CustomerID>
<xxx:Region wsa:IsReferenceParameter="true">
EMEA
</xxx:Region>
<wsa:Action>
http://www.w3.org/2009/02/ws-tra/Get
</wsa:Action>
<wsa:MessageID>
uuid:00000000-0000-0000-C000-000000000046
</wsa:MessageID>
</s:Header>
<s:Body>
<wst:Get/>
</s:Body>
</s:Envelope>
The following shows the corresponding response message:
<s:Envelope
xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:xxx="http://fabrikam123.example.com/resource-model"
>
<s:Header>
<wsa:To>http://www.fabrikam123.example.org/pullport</wsa:Address>
<wsa:Action>
http://www.w3.org/2009/02/ws-tra/GetResponse
</wsa:Action>
<wsa:MessageID>
uuid:0000010e-0000-0000-C000-000000000046
</wsa:MessageID>
<wsa:RelatesTo>
uuid:00000000-0000-0000-C000-000000000046
</wsa:RelatesTo>
</s:Header>
<s:Body>
<wst:GetResponse>
<xxx:Customer>
<xxx:first>Roy</xxx:first><xxx:last>Hill</xxx:last>
<xxx:address>123 Main
Street</xxx:address>
<xxx:city>Manhattan Beach</xxx:city>
<xxx:state>CA</xxx:state>
<xxx:zip>90266</xxx:zip>
</xxx:Customer>
</wst:GetResponse>
</s:Body>
</s:Envelope>
In this example, the representation of the resource is
the following XML element:
<xxx:Customer>
<xxx:first>Roy</xxx:first><xxx:last>Hill</xxx:last>
<xxx:address>123 Main Street</xxx:address>
<xxx:city>Manhattan Beach</xxx:city>
<xxx:state>CA</xxx:state>
<xxx:zip>90266</xxx:zip>
</xxx:Customer>
This specification defines one Web service
operation (Put) for updating a resource by providing a replacement
representation. A resource MAY accept updates that provide different XML
representations than that returned by the resource; in such a case, the
semantics of the update operation is defined by the resource.
The Put request message MUST be of the
following form:
[Action]
http://www.w3.org/2009/02/ws-tra/Put
[Body]
<wst:Put Dialect="xs:anyURI"? ...>
xs:any*
</wst:Put>
The following describes additional, normative
constraints on the outline listed above:
[Body]/wst:Put
This
REQUIRED element MUST have as its first child element, an element that
comprises the representation of the resource that is to be replaced. Additional
extension elements MAY be included after the element representing the resource.
[Body]/wst:Put@Dialect
When
this OPTIONAL attribute is present it contains a URI that refers to additional
information for the service on how to process this element. If the attribute is
present but the dialect URI is not known then the service MUST generate an UnknownDialect fault. There is no default value for the
attribute. If the attribute is absent, then the base behavior is used.
[Body]/wst:Put@Dialect="http://www.w3.org/2009/02/ws-frag"
The
WS-Fragment [WS-Fragments] specification
defines this dialect URI. Use of this URI indicates that the contents of the
Get element MUST be processed as specified by the WS-Fragment [WS-Fragments]
specification.
A Put request MUST be targeted at the resource whose
representation is desired to be replaced, as described in 2 Terminology and Notation of this
specification.
Implementations MAY use the fault code wst:InvalidRepresentation if the
presented representation is invalid for the target resource. The replacement
representation could be considered to be invalid if it does not conform to the
schema(s) for the target resource or otherwise violates some cardinality or
type constraint. If an implementation detects that the presented representation
is invalid it MUST generate a wst:InvalidRepresentation
fault.
The replacement representation could contain within it
element or attribute values that are different than their corresponding values
in the current representation. Such changes could affect elements or attributes
that, for whatever reason, the implementation does wish to allow the client to
change. An implementation MAY choose to ignore such elements or attributes, or
it MAY generate a wst:PutDenied
fault. See 5 Faults.
Other components of the outline above are not further
constrained by this specification.
A successful Put operation updates the current
representation associated with the targeted resource. An unsuccessful Put
operation does not affect the resource.
If the resource accepts a Put request and performs the
requested update, it MUST reply with a response of the following form:
[Action]
http://www.w3.org/2009/02/ws-tra/PutResponse
[Body]
<wst:PutResponse
...>
xs:any*
</wst:PutResponse>
[Body]/wst:PutResponse
This REQUIRED element, if it contains any
child elements, MUST have as its first child element, an element that comprises
the representation of the resource that has been updated. Additional extension
elements MAY be included after the element representing the resource.
As an optimization and as a service to the
requester, if there are no extension elements this element SHOULD be empty if
the updated representation does not differ from the representation sent in the
Put request message; that is, if the service accepted the new representation
verbatim.
Such a response (an empty wst:PutResponse) implies that the update request was
successful in its entirety (assuming no intervening mutating operations are
performed). A service MAY return the current representation of the resource as
the child of the wst:PutResponse
element even in this case, however.
Other components of the outline above are not further
constrained by this specification.
The following shows a sample SOAP envelope containing a
Put request:
<s:Envelope
xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:xxx="http://fabrikam123.example.com/resource-model"
>
<s:Header>
<wsa:ReplyTo>
<wsa:Address>
http://www.fabrikam123.example.org/sender
</wsa:Address>
</wsa:ReplyTo>
<wsa:To>http://www.example.org/pushport</wsa:To>
<xxx:CustomerID wsa:IsReferenceParameter="true">
732199
</xxx:CustomerID>
<xxx:Region wsa:IsReferenceParameter="true">
EMEA
</xxx:Region>
<wsa:Action>
http://www.w3.org/2009/02/ws-tra/Put
</wsa:Action>
<wsa:MessageID>
uuid:00000000-0000-0000-C000-000000000047
</wsa:MessageID>
</s:Header>
<s:Body>
<wst:Put>
<xxx:Customer>
<xxx:first>Roy</xxx:first><xxx:last>Hill</xxx:last>
<xxx:address>321 Main
Street</xxx:address>
<xxx:city>Manhattan Beach</xxx:city>
<xxx:state>CA</xxx:state>
<xxx:zip>90266</xxx:zip>
</xxx:Customer>
</wst:Put>
</s:Body>
</s:Envelope>
The following shows the corresponding response message
indicating success:
<s:Envelope
xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:xxx="http://fabrikam123.example.com/resource-model"
>
<s:Header>
<wsa:To>http://www.fabrikam123.example.org/sender</wsa:Address>
<wsa:Action>
http://www.w3.org/2009/02/ws-tra/PutResponse
</wsa:Action>
<wsa:MessageID>
uuid:0000010e-0000-0000-C000-000000000047
</wsa:MessageID>
<wsa:RelatesTo>
uuid:00000000-0000-0000-C000-000000000047
</wsa:RelatesTo>
</s:Header>
<s:Body>
<wst:PutResponse/>
</s:Body>
</s:Envelope>
This specification defines one Web service
operation (Delete) for deleting a resource in its entirety.
The Delete request message MUST be of the following
form:
[Action]
http://www.w3.org/2009/02/ws-tra/Delete
[Body]
<wst:Delete Dialect="xs:anyURI"? ...>
xs:any*
</wst:Delete>
The following describes additional, normative
constraints on the outline listed above:
[Body]/wst:Delete
This
is a REQUIRED element that has no defined child element content. However, it
MAY include child element content as defined by an extension(s).
[Body]/wst:Delete@Dialect
When
this OPTIONAL attribute is present it contains a URI that refers to additional
information for the service on how to process this element. If the attribute is
present but the dialect URI is not known then the service MUST generate an UnknownDialect fault. There is no default value for the
attribute. If the attribute is absent, then the base behavior is used.
[Body]/wst:Delete@Dialect="http://www.w3.org/2009/02/ws-frag"
The
WS-Fragment [WS-Fragments]
specification defines this dialect URI. Use of this URI indicates that the
contents of the Get element MUST be processed as specified by the WS-Fragment [WS-Fragments] specification.
A Delete request MUST be targeted at the resource to be
deleted as described in 2 Terminology
and Notation of this specification.
Implementations may MAY respond with a
fault message using the standard fault codes defined in WS-Addressing (e.g., wsa:ActionNotSupported). Other components of the outline above are not further constrained by this
specification.
A successful Delete operation invalidates the current
representation associated with the targeted resource.
If the resource accepts a Delete request, it MUST reply
with a response of the following form:
[Action]
http://www.w3.org/2009/02/ws-tra/DeleteResponse
[Body]
<wst:DeleteResponse
...>
xs:any*
</wst:DeleteResponse>
[Body]/wst:DeleteResponse
This REQUIRED element MAY contain extension
elements.
Other components of the outline above are not further
constrained by this specification.
The following shows a sample SOAP envelope containing a
Delete request:
<s:Envelope
xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:xxx="http://fabrikam123.example.com/resource-model"
>
<s:Header>
<wsa:ReplyTo>
<wsa:Address>
http://www.fabrikam123.example.org/sender
</wsa:Address>
</wsa:ReplyTo>
<wsa:To>http://www.example.org/pushport</wsa:To>
<xxx:CustomerID wsa:IsReferenceParameter="true">
732199
</xxx:CustomerID>
<xxx:Region wsa:IsReferenceParameter="true">
EMEA
</xxx:Region>
<wsa:Action>
http://www.w3.org/2009/02/ws-tra/Delete
</wsa:Action>
<wsa:MessageID>
uuid:00000000-0000-0000-C000-000000000049
</wsa:MessageID>
</s:Header>
<s:Body>
<wst:Delete/>
</s:Body>
</s:Envelope>
The following shows the corresponding response message
indicating success:
<s:Envelope
xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:xxx="http://fabrikam123.example.com/resource-model"
>
<s:Header>
<wsa:To>http://www.fabrikam123.example.org/sender</wsa:Address>
<wsa:Action>
http://www.w3.org/2009/02/ws-tra/DeleteResponse
</wsa:Action>
<wsa:MessageID>
uuid:0000010e-0000-0000-C000-000000000049
</wsa:MessageID>
<wsa:RelatesTo>
uuid:00000000-0000-0000-C000-000000000049
</wsa:RelatesTo>
</s:Header>
<s:Body>
<wst:DeleteResponse/>
</s:Body>
</s:Envelope>
This specification
defines one Web service operation (Create) for creating a resource and
providing its initial representation. In some cases, the initial representation
MAY constitute the representation of a logical constructor for the resource and
may can thus
differ structurally from the representation returned by Get or the one required
by Put. This is because the parameterization requirement for creating a
resource is often distinct from the steady-state representation of the
resource. Implementations should SHOULD provide
metadata which describes the use of the representation and how it relates to
the resource which is created, but such mechanisms are beyond the scope of this
specification. The resource factory that receives a Create request will
allocate a new resource that is initialized from the presented representation.
The new resource will be assigned a service-determined endpoint reference that
is returned in the response message.
The Create request
message MUST be of the following form:
[Action]
http://www.w3.org/2009/02/ws-tra/Create
[Body]
<wst:Create Dialect="xs:anyURI"? ...>
xs:any*
</wst:Create>
The following describes
additional, normative constraints on the outline listed above:
[Body]/wst:Create
This REQUIRED element MAY contain zero or more child elements. If this
element does not contain a child element then the resource will be created
using default values. The first child element, if present, MUST be the literal
resource representation, a representation of the constructor for the resource,
or other instructions for creating the resource. Additional extension elements
MAY be included only after the mandated first child element.
[Body]/wst:Create@Dialect
When this OPTIONAL attribute is present it contains a URI that refers to
additional information for the service on how to process this element. If the
attribute is present but the dialect URI is not known then the service MUST
generate an UnknownDialect fault. There is no default
value for the attribute. If the attribute is absent, then the base behavior is
used.
[Body]/wst:Create@Dialect="http://www.w3.org/2009/02/ws-frag"
The WS-Fragment [WS-Fragments]
specification defines this dialect URI. Use of this URI indicates that the
contents of the Get element MUST be processed as specified by the WS-Fragment [WS-Fragments] specification.
A Create request MUST be targeted at a resource factory
capable of creating the desired new resource. This factory is distinct from the
resource being created (which by definition does not exist prior to the successful
processing of the Create request message).
In addition to the standard fault codes defined in
WS-Addressing, implementations MAY use the fault code wst:InvalidRepresentation if the presented
representation is invalid for the target resource. See 5
Faults.
Other components of the outline above are not further
constrained by this specification.
If the resource factory accepts a Create request, it MUST
reply with a response of the following form:
[Action]
http://www.w3.org/2009/02/ws-tra/CreateResponse
[Body]
<wst:CreateResponse
...>
<wst:ResourceCreated>endpoint-reference</wst:ResourceCreated>
xs:any*
</wst:CreateResponse>
[Body]/wst:CreateResponse
This REQUIRED element MUST have as its first
child element an Endpoint Reference (wst:ResourceCreated
element) to the newly created resource.
A service MUST also return the current
representation of the new resource as the second child of the wst:CreateResponse element if the
created representation logically differs from the representation sent in the
Create request message. That is, the initial representation is returned if one
or more values present in Create message was specifically overridden with a
different value during resource creation. If default values are used to
complete a resource creation which were not present in
the Create message, then this does not constitute a logical difference.
As an optimization and as a service to the
requestor, the wst:CreateResponse
element of the response message SHOULD be empty, other than the ResourceCreated element, if the created representation does
not logically differ from the representation sent in the Create request message
and there are no extension elements; that is, if the service accepted the new
representation or creation instructions verbatim. Such a response indicates
that the request was completely successful (assuming no intervening mutating
operations are performed). A service MAY return the current representation of
the resource as the second child of the wst:CreateResponse element even in this case, however.
Additional extension elements MAY be included
after the element representing the resource.
[Body]/wst:CreateResponse/wst:ResourceCreated
This required element MUST contain a resource
reference for the newly created resource. This resource reference, represented
as an endpoint reference as defined in WS-Addressing, MUST identify the
resource for future Get, Put, and Delete operations.
Other components of the outline above are not further
constrained by this specification.
The following shows a sample SOAP envelope containing a
Create request:
<s:Envelope
xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:xxx="http://fabrikam123.example.com/resource-model"
>
<s:Header>
<wsa:ReplyTo>
<wsa:Address>
http://www.fabrikam123.example.org/sender
</wsa:Address>
</wsa:ReplyTo>
<wsa:To>http://www.example.org/pushport/CustomerSpace</wsa:To>
<wsa:Action>
http://www.w3.org/2009/02/ws-tra/Create
</wsa:Action>
<wsa:MessageID>
uuid:00000000-0000-0000-C000-000000000048
</wsa:MessageID>
</s:Header>
<s:Body>
<wst:Create>
<xxx:Customer>
<xxx:first>Roy</xxx:first><xxx:last>Hill</xxx:last>
<xxx:address>123 Main
Street</xxx:address>
<xxx:city>Manhattan Beach</xxx:city>
<xxx:state>CA</xxx:state>
<xxx:zip>90266</xxx:zip>
</xxx:Customer>
</wst:Create>
</s:Body>
</s:Envelope>
The following shows the corresponding response message
indicating success:
<s:Envelope
xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:wst="http://www.w3.org/2009/02/ws-tra"
xmlns:xxx="http://fabrikam123.example.com/resource-model"
>
<s:Header>
<wsa:To>http://www.fabrikam123.example.org/sender</wsa:Address>
<wsa:Action>
http://www.w3.org/2009/02/ws-tra/CreateResponse
</wsa:Action>
<wsa:MessageID>
uuid:0000010e-0000-0000-C000-000000000048
</wsa:MessageID>
<wsa:RelatesTo>
uuid:00000000-0000-0000-C000-000000000048
</wsa:RelatesTo>
</s:Header>
<s:Body>
<wst:CreateResponse>
<wst:ResourceCreated>
<wsa:Address>http://www.example.org/pushport</wsa:Address>
<wsa:ReferenceParameters>
<xxx:CustomerID>732199</xxx:CustomerID>
<xxx:Region>EMEA</xxx:Region>
</wsa:ReferenceParameters>
</wst:ResourceCreated>
</wst:CreateResponse>
</s:Body>
</s:Envelope>
All fault messages defined in this
specification MUST be sent according to the rules and usage described in WS-Addressing
1.0 SOAP Binding Section 6 for encoding SOAP 1.1 and SOAP 1.2 faults. The [action]
property below SHOULD be used for faults defined in this specification:
This
fault is returned when an incorrect representation is sent in a wst:Put or wst:Create
message.
|
s:Sender |
|
|
[Subcode] |
wst:InvalidRepresentation |
|
[Reason] |
The
supplied representation is invalid |
|
[Detail] |
none |
This fault is generated
when a service detects an unknown Dialect URI in a request message.
|
s:Sender |
|
|
[Subcode] |
wst:UnknownDialect |
|
[Reason] |
The
specified Dialect URI is not known. |
|
[Detail] |
The unknown URI if specified |
This fault is generated when a Put request
message attempts to modify a portion of a resource but is not allowed to do so.
|
s:Sender |
|
|
[Subcode] |
wst:UpdateDenied |
|
[Reason] |
One
or more elements or attributes cannot be updated. |
|
[Detail] |
An optional list of the QNames of the
elements or attributes that are not allowed to be updated. |
It is
strongly recommended that the communication between services be secured using
the mechanisms described in [WS-Security].
In order to properly secure messages, the body (even if
empty) and all relevant headers need to be included in the signature.
Specifically, the WS-Addressing header blocks, WS-Security timestamp, and any
header blocks resulting from a <wsa:ReferenceParameters> in
references need to be signed along with the body in order to "bind"
them together and prevent certain types of attacks.
If a requestor is issuing
multiple messages to a resource reference, then it is recommended that a
security context be established using the mechanisms described in WS-Trust and
WS-SecureConversation. It is further recommended that
if shared secrets are used, message-specific derived keys also be used to
protect the secret from crypto attacks.
The access control semantics of resource references is
out-of-scope of this specification and are specific to each resource reference.
Similarly, any protection mechanisms on resource references independent of
transfer (e.g. embedded signatures and encryption) are also out-of-scope.
It is recommended that the security considerations of
WS-Security also be considered.
While a comprehensive listing of attacks is not feasible,
the following list summarizes common classes of attacks that apply to this
protocol and identifies the mechanism(s) to prevent/mitigate the attacks.
·
Replay -
Messages, or portions of messages, can be replayed in an attempt to gain access
or disrupt services. Freshness checks such as timestamps, digests, and
sequences can be used to detect duplicate messages.
·
Invalid tokens -
There are a number of token attacks including certificate authorities, false
signatures, and PKI attacks. Care should SHOULD be taken to
ensure each token is valid (usage window, digest, signing authority, revocation, ...), and that the appropriate delegation
policies are in compliance.
·
Man-in-the-middle -
The message exchanges in this specification could be subject to
man-in-the-middle attacks so care should SHOULD be taken to
reduce possibilities here such as establishing a secure channel and verifying
that the security tokens user represent identities authorized to speak for, or
on behalf of, the desired resource reference.
·
Message alteration -
Alteration is prevented by including signatures of the message information
using WS-Security. Care should SHOULD be taken to
review message part references to ensure they haven't been forged (e.g. ID
duplication).
·
Message disclosure -
Confidentiality is preserved by encrypting sensitive data using WS-Security.
·
Key integrity -
Key integrity is maintained by using the strongest algorithms possible (by
comparing secured policies - see [WS-Policy] and [WS-SecurityPolicy] and by
using derived keys ([WS-SecureConversation]).
·
Authentication -
Authentication is established using the mechanisms described in WS-Security and
WS-Trust. Each message is authenticated using the mechanisms described in
WS-Security.
·
Accountability -
Accountability is a function of the type of and string of the key and
algorithms being used. In many cases, a strong symmetric key provides
sufficient accountability. However, in some environments, strong PKI signatures
are required.
·
Availability -
All reliable messaging services are subject to a variety of availability
attacks. Replay detection is a common attack and it is recommended that this be
addressed by the mechanisms described in WS-Security. Other attacks, such as
network-level denial of service attacks are harder to avoid and are outside the
scope of this specification. That said, care should SHOULD be
taken to ensure that minimal state is saved prior to any authenticating
sequences.
This specification has been developed as a
result of joint work with many individuals and teams, including: Ashok Malhotra (Oracle Corp.), Asir Vedamuthu (Microsoft Corp.), Bob Freund (Hitachi, Ltd.),
Doug Davis (IBM), Fred Maciel (Hitachi, Ltd.), Geoff Bullen (Microsoft Corp.), Gilbert Pilz
(Oracle Corp.), Greg Carpenter (Microsoft Corp.), Jeff Mischkinsky
(Oracle Corp.), Katy Warr (IBM), Li Li (Avaya Communications), Mark Little (Red Hat), Prasad Yendluri (Software AG), Sreedhara
Narayanaswamy (CA), Sumeet Vij (Software AG), Vikas Varma (Software AG), Wu Chou (Avaya Communications), Yves Lafon (W3C)
Key words for
use in RFCs to Indicate Requirement Levels , S. Bradner, Harvard University, March
1997. (See http://www.ietf.org/rfc/rfc2119.txt.)
Simple Object
Access Protocol (SOAP) 1.1 , D. Box,
et al, May 2000. (See http://www.w3.org/TR/2000/NOTE-SOAP-20000508/.)
SOAP Version
1.2 Part 1: Messaging Framework , M.
Gudgin, et al, June 2003. (See
http://www.w3.org/TR/soap12-part1/.)
W3C Recommendation, "Web Services
Addressing 1.0 (WS-Addressing)" , May 2006. (See
http://www.w3.org/2005/08/addressing/.)
W3C Recommendation, "Web Services
Policy 1.5 - Framework" , September 2007. (See
http://www.w3.org/TR/ws-policy/.)
WS-SecureConversation
href="http://schemas.xmlsoap.org/ws/2005/02/sc/">
Web Services Secure
Conversation Language (WS-SecureConversation) , S.
Anderson, et al, February 2005.
Web Services Security: SOAP Message
Security 1.0 , OASIS standard. (See
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf.)
WS-SecurityPolicy
G. Della-Libera, et al, "Web
Services Security Policy Language (WS-SecurityPolicy), Version 1.1" ,
July 2005. (See http://schemas.xmlsoap.org/ws/2005/07/securitypolicy.)
W3C Working Group Draft, "Web
Services Fragments" , July 2009. (See
http://www.w3.org/2009/02/ws-frag.)
Web Services
Description Language (WSDL) 1.1 , E.
Christensen, et al, March 2001. (See
http://www.w3.org/TR/2001/NOTE-wsdl-20010315.)
XML Infoset
J. Cowan, et al, "XML Information
Set" , February 2004. (See
http://www.w3.org/TR/2004/REC-xml-infoset-20040204/.)
XML Schema Part 1: Structures , H. Thompson, et al, October 2004. (See
http://www.w3.org/TR/2004/REC-xmlschema-1-20041028/.)
XML Schema Part 2: Datatypes , James Clark, et al, November 1999. (See
http://www.w3.org/TR/2004/REC-xmlschema-2-20041028/.)
A
normative copy of the XML Schema [XML
Schema, Part 1], [XML Schema, Part
2] description for this specification may can be
retrieved from the following address:
A non-normative copy of the XML schema is listed below
for convenience.
<xs:schema
targetNamespace="http://www.w3.org/2009/02/ws-tra"
xmlns:tns="http://www.w3.org/2009/02/ws-tra"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://www.w3.org/2005/08/addressing"
elementFormDefault="qualified"
blockDefault="#all" >
<xs:import
namespace="http://www.w3.org/2005/08/addressing"
schemaLocation="http://www.w3.org/2006/03/addressing/ws-addr.xsd"
/>
<xs:element
name="Get">
<xs:complexType>
<xs:sequence>
<xs:any minOccurs="0"
maxOccurs="unbounded"
namespace="##other" processContents="lax"
/>
</xs:sequence>
<xs:attribute
name="Dialect" type="xs:anyURI"
use="optional" />
<xs:anyAttribute
namespace="##other" processContents="lax"
/>
</xs:complexType>
</xs:element>
<xs:element
name="GetResponse">
<xs:complexType>
<xs:sequence>
<xs:any minOccurs="1"
maxOccurs="unbounded"
namespace="##other" processContents="lax"
/>
</xs:sequence>
<xs:anyAttribute namespace="##other"
processContents="lax" />
</xs:complexType>
</xs:element>
<xs:element
name="Put">
<xs:complexType>
<xs:sequence>
<xs:any minOccurs="1"
maxOccurs="unbounded"
namespace="##other" processContents="lax"
/>
</xs:sequence>
<xs:attribute
name="Dialect" type="xs:anyURI"
use="optional" />
<xs:anyAttribute
namespace="##other" processContents="lax"
/>
</xs:complexType>
</xs:element>
<xs:element
name="PutResponse">
<xs:complexType>
<xs:sequence>
<xs:any minOccurs="1"
namespace="##other" processContents="lax"
/>
</xs:sequence>
<xs:anyAttribute
namespace="##other" processContents="lax"
/>
</xs:complexType>
</xs:element>
<xs:element
name="Delete">
<xs:complexType>
<xs:sequence>
<xs:any minOccurs="0"
maxOccurs="unbounded"
namespace="##other" processContents="lax"
/>
</xs:sequence>
<xs:attribute
name="Dialect" type="xs:anyURI"
use="optional" />
<xs:anyAttribute
namespace="##other" processContents="lax"
/>
</xs:complexType>
</xs:element>
<xs:element
name="DeleteResponse">
<xs:complexType>
<xs:sequence>
<xs:any minOccurs="0"
namespace="##other" processContents="lax"
/>
</xs:sequence>
<xs:anyAttribute
namespace="##other" processContents="lax"
/>
</xs:complexType>
</xs:element>
<xs:element
name="Create">
<xs:complexType>
<xs:sequence>
<xs:any minOccurs="0"
maxOccurs="unbounded"
namespace="##other" processContents="lax"
/>
</xs:sequence>
<xs:attribute
name="Dialect" type="xs:anyURI"
use="optional" />
<xs:anyAttribute
namespace="##other" processContents="lax"
/>
</xs:complexType>
</xs:element>
<xs:element
name="CreateResponse">
<xs:complexType>
<xs:sequence>
<xs:element name="ResourceCreated" type="wsa:EndpointReferenceType"
/>
<xs:any minOccurs="0"
namespace="##other" processContents="lax"
/>
</xs:sequence>
<xs:anyAttribute
namespace="##other" processContents="lax"
/>
</xs:complexType>
</xs:element>
</xs:schema>
A
normative copy of the WSDL [WSDL 1.1] description
for this specification may can be retrieved
from the following address:
A non-normative copy of the WSDL description is listed
below for convenience.
<wsdl:definitions
targetNamespace="http://www.w3.org/2009/02/ws-tra"
xmlns:tns="http://www.w3.org/2009/02/ws-tra"
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:xs="http://www.w3.org/2001/XMLSchema">
<wsdl:types>
<xs:schema>
<xs:import
namespace="http://www.w3.org/2009/02/ws-tra"
schemaLocation="http://www.w3.org/2009/02/ws-tra/transfer.xsd"
/>
</xs:schema>
</wsdl:types>
<wsdl:message name="GetMessage">
<wsdl:part name="Body" element="tns:Get"/>
</wsdl:message>
<wsdl:message
name="GetResponseMessage">
<wsdl:part name="Body" element="tns:GetResponse"/>
</wsdl:message>
<wsdl:message
name="PutMessage">
<wsdl:part name="Body" element="tns:Put"/>
</wsdl:message>
<wsdl:message
name="PutResponseMessage">
<wsdl:part name="Body" element="tns:PutResponse"/>
</wsdl:message>
<wsdl:message
name="DeleteMessage">
<wsdl:part name="Body" element="tns:Delete"/>
</wsdl:message>
<wsdl:message
name="DeleteResponseMessage">
<wsdl:part name="Body" element="tns:DeleteResponse"/>
</wsdl:message>
<wsdl:message
name="CreateMessage">
<wsdl:part name="Body" element="tns:Create"/>
</wsdl:message>
<wsdl:message
name="CreateResponseMessage">
<wsdl:part name="Body" element="tns:CreateResponse"/>
</wsdl:message>
<wsdl:portType
name="Resource">
<wsdl:documentation>
This port type
defines a resource that may can be read,
written, and deleted.
</wsdl:documentation>
<wsdl:operation name="Get">
<wsdl:input
message="tns:GetMessage"
wsam:Action="http://www.w3.org/2009/02/ws-tra/Get"/>
<wsdl:output
message="tns:GetResponseMessage"
wsam:Action="http://www.w3.org/2009/02/ws-tra/GetResponse"
/>
</wsdl:operation>
<wsdl:operation name="Put">
<wsdl:input
message="tns:PutMessage"
wsam:Action="http://www.w3.org/2009/02/ws-tra/Put"
/>
<wsdl:output
message="tns:PutResponseMessage"
wsam:Action="http://www.w3.org/2009/02/ws-tra/PutResponse"
/>
</wsdl:operation>
<wsdl:operation name="Delete">
<wsdl:input
message="tns:DeleteMessage"
wsam:Action="http://www.w3.org/2009/02/ws-tra/Delete"
/>
<wsdl:output
message="tns:DeleteResponseMessage"
wsam:Action="http://www.w3.org/2009/02/ws-tra/DeleteResponse"
/>
</wsdl:operation>
</wsdl:portType>
<wsdl:portType
name="ResourceFactory">
<wsdl:documentation>
This port type
defines a Web service that can create new
resources.
</wsdl:documentation>
<wsdl:operation name="Create">
<wsdl:input
message="tns:CreateMessage"
wsam:Action="http://www.w3.org/2009/02/ws-tra/Create"
/>
<wsdl:output
message="tns:CreateResponseMessage"
wsam:Action="http://www.w3.org/2009/02/ws-tra/CreateResponse"
/>
</wsdl:operation>
</wsdl:portType>
</wsdl:definitions>
|
Data |
Author |
Description |
|
2009/03/04 |
DD |
Added resolution of issue 6391 |
|
2009/03/04 |
DD |
Added resolution of issue 6588 |
|
2009/03/04 |
DD |
Added resolution of issue 6519 |
|
2009/03/09 |
DD |
Added resolution of issue 6398 |
|
2009/03/11 |
DD |
Added change log |
|
2009/03/11 |
DD |
Added resolution of issue 6641 |
|
2009/03/11 |
DD |
Added resolution of issue 6425 |
|
2009/03/23 |
DD |
Added resolution of issue 6666 |
|
2009/03/24 |
DD |
Added resolution of issue 6648 |
|
2009/04/20 |
DD |
Added resolution of issue 6730 |
|
2009/04/22 |
KW |
Added resolution of issue 6739 |
|
2009/05/12 |
DD |
Added resolution of issue 6433 |
|
2009/05/13 |
DD |
|
|
2009/05/19 |
DD |
Added resolution of issue 6849 |
|
2009/05/19 |
DD |
Added resolution of issue 6907 |
|
2009/05/21 |
DD |
Added resolution of issue 6674 |
|
2009/05/27 |
DD |
Added resolution of issue 6906 |
|
2009/06/10 |
DD |
Added resolution of issue 6712 |
|
2009/06/10 |
DD |
Added resolution of issue 6924 |
|
2009/07/07 |
DD |