Copyright © 2004-2006 BEA Systems Inc., Computer Associates, Microsoft Corporation, Inc., Sonic Software, and Systinet, A Mercury Division . All rights reserved. This document is available under the W3C Document License. See the W3C Intellectual Rights Notice and Legal Disclaimers for additional information.
This specification describes a general SOAP-based protocol for accessing XML representations of Web service-based resources.
This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.
WS-Transfer and related specifications are provided as-is and for review and evaluation only. BEA Systems, Computer Associates, Microsoft, Sonic Software, and Systinet, A Mercury Division make no warrantees or representations regarding the specifications in any manner whatsoever.
By publishing this document, W3C acknowledges that the Submitting Members have made a formal Submission request to W3C for discussion. Publication of this document by W3C indicates no endorsement of its content by W3C, nor that W3C has, is, or will be allocating any resources to the issues addressed by it. This document is not the product of a chartered W3C group, but is published as potential input to the W3C Process. A W3C Team Comment has been published in conjunction with this Member Submission. Publication of acknowledged Member Submissions at the W3C site is one of the benefits of W3C Membership. Please consult the requirements associated with Member Submissions of section 3.3 of the W3C Patent Policy. Please consult the complete list of acknowledged W3C Member Submissions.
This specification defines a mechanism for acquiring XML-based representations of entities using the Web service infrastructure. It defines two types of entities:
Resources, which are entities addressable by an endpoint reference that provide an XML representation
Resource factories, which are Web services that can create a new resource from an XML representation
Specifically, it defines two operations for sending and receiving the representation of a given resource and two operations for creating and deleting a resource and its corresponding representation.
It should be noted that the state maintenance of a resource is at most subject to the "best efforts" of the hosting server. When a client receives the server's acceptance of a request to create or update a resource, it can reasonably expect that the resource now exists at the confirmed location and with the confirmed representation, but this is not a guarantee, even in the absence of any third parties. The server may change the representation of a resource, may remove a resource entirely, or may bring back a resource that was deleted.
For instance, the server may store resource state information on a disk drive. If that drive crashes and the server recovers state information from a backup tape, changes that occurred after the backup was made will be lost.
A server may have other operational processes that change resource state information. A server may run a background process that examines resources for objectionable content and deletes any such resources it finds. A server may purge resources that have not been accessed for some period of time. A server may apply storage quotas that cause it to occasionally purge resources.
In essence, the confirmation by a service of having processed a request to create, modify, or delete a resource implies a commitment only at the instant that the confirmation was generated. While the usual case should be that resources are long-lived and stable, there are no guarantees, and clients should code defensively.
This specification intends to meet the following requirements:
Provide a SOAP-based protocol for managing resources and their representations.
Minimize additional mechanism beyond the current Web Services architecture.
This section specifies the notations, namespaces, and terminology used in this specification.
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC 2119].
This specification uses the following syntax to define normative outlines for messages:
The syntax appears as an XML instance, but values in italics indicate data types instead of values.
Characters are appended to elements and attributes to indicate cardinality:
"?" (0 or 1)
"*" (0 or more)
"+" (1 or more)
The character "|" is used to indicate a choice between alternatives.
The characters "[" and "]" are used to indicate that contained items are to be treated as a group with respect to cardinality or choice.
An ellipsis (i.e. "…") indicates a point of extensibility that allows other child or attribute content. Additional children and/or attributes MAY be added at the indicated extension points but MUST NOT contradict the semantics of the parent and/or owner, respectively. If a receiver does not recognize an extension, the receiver SHOULD ignore it.
XML namespace prefixes (see table 1) are used to indicate the namespace of the element being defined.
The XML namespace URI that MUST be used by implementations of this specification is:
http://schemas.xmlsoap.org/ws/2004/09/transfer
Table 1 lists XML namespaces that are used in this specification. The choice of any namespace prefix is arbitrary and not semantically significant.
Prefix | XML Namespace | Specification(s) |
---|---|---|
wxf | http://schemas.xmlsoap.org/ws/2004/09/transfer | This specification |
s11 | http://schemas.xmlsoap.org/soap/envelope/ | SOAP 1.1 [SOAP 1.1] |
s12 | http://www.w3.org/2003/05/soap-envelope | SOAP 1.2 [SOAP 1.2] |
s | Either of s11 or s12 | |
wsa | http://schemas.xmlsoap.org/ws/2004/08/addressing | WS-Addressing [WS-Addressing] |
xs | http://www.w3.org/2001/XMLSchema | XML Schema [Part 1, 2] |
wsdl | http://schemas.xmlsoap.org/wsdl | WSDL/1.1 [WSDL 1.1] |
A Web service that is addressable by an endpoint reference as defined in WS-Addressing and that can be represented by an XML Infoset using the Get and Put operations defined in this specification
A Web service that is capable of creating new resources using the Create operation defined in this specification
An implementation is not compliant with this specification if it fails to satisfy one or more of the MUST or REQUIRED level requirements defined herein. A SOAP Node MUST NOT use the XML namespace identifier for this specification (listed in Section 2.2) within SOAP envelopes unless it is compliant with this specification.
Specifically, a compliant SOAP Node that implements a resource MUST provide the Get operation as defined in this specification, and MAY provide the Put and Delete operations.
Normative text within this specification takes precedence over normative outlines, which in turn takes precedence over the XML Schema and WSDL descriptions.
This specification defines one Web service operation (Get) for fetching a one-time snapshot of the representation of a resource.
The Get request message MUST be of the following form:
<s:Envelope …> <s:Header …> <wsa:Action> http://schemas.xmlsoap.org/ws/2004/09/transfer/Get </wsa:Action> <wsa:MessageID>xs:anyURI</wsa:MessageID> <wsa:To>xs:anyURI</wsa:To> … </s:Header> <s:Body … /> </s:Envelope>
The following describes additional, normative constraints on the outline listed above:
This required element MUST contain the value http://schemas.xmlsoap.org/ws/2004/09/transfer/Get. If a SOAP Action URI is also present in the underlying transport, its value MUST convey the same value.
A Get request MUST be targeted at the resource whose representation is desired as described in Section 2 of this specification.
There are no body blocks defined for a Get Request.
Implementations may respond with a fault message using the standard fault codes defined in WS-Addressing (e.g., wsa:ActionNotSupported). Other components of the outline above are not further constrained by this specification.
If the resource accepts a Get request, it MUST reply with a response of the following form:
<s:Envelope …> <s:Header …> <wsa:Action> http://schemas.xmlsoap.org/ws/2004/09/transfer/GetResponse </wsa:Action> <wsa:RelatesTo>xs:anyURI</wsa:RelatesTo> <wsa:To>xs:anyURI</wsa:To> … </s:Header> <s:Body …> xs:any </s:Body> </s:Envelope>
The following describes additional, normative constraints on the outline listed above:
This required element MUST contain the value http://schemas.xmlsoap.org/ws/2004/09/transfer/GetResponse. If a SOAP Action URI is also present in the underlying transport, its value MUST convey the same value.
The representation itself MUST be the initial child element of the SOAP:Body element of the response message. All other children SHOULD be ignored.
Other components of the outline above are not further constrained by this specification.
The following shows a sample SOAP envelope containing a Get request:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:xxx="http://fabrikam123.example.com/resource-model" > <s:Header> <wsa:ReplyTo> <wsa:Address> soap://www.fabrikam123.example.org/pullport </wsa:Address> </wsa:ReplyTo> <wsa:To>soap://www.example.org/repository</wsa:To> <xxx:CustomerID>732199</xxx:CustomerID> <xxx:Region>EMEA</xxx:Region> <wsa:Action> http://schemas.xmlsoap.org/ws/2004/09/transfer/Get </wsa:Action> <wsa:MessageID> uuid:00000000-0000-0000-C000-000000000046 </wsa:MessageID> </s:Header> <s:Body/> </s:Envelope>
The following shows the corresponding response message:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:xxx="http://fabrikam123.example.com/resource-model" > <s:Header> <wsa:To>soap://www.fabrikam123.example.org/pullport</wsa:Address> <wsa:Action> http://schemas.xmlsoap.org/ws/2004/09/transfer/GetResponse </wsa:Action> <wsa:MessageID> uuid:0000010e-0000-0000-C000-000000000046 </wsa:MessageID> <wsa:RelatesTo> uuid:00000000-0000-0000-C000-000000000046 </wsa:RelatesTo> </s:Header> <s:Body> <xxx:Customer> <xxx:first>Roy</xxx:first><xxx:last>Hill</xxx:last> <xxx:address>123 Main Street</xxx:address> <xxx:city>Manhattan Beach</xxx:city> <xxx:state>CA</xxx:state> <xxx:zip>90266</xxx:zip> </xxx:Customer> </s:Body> </s:Envelope>
In this example, the representation of the resource is the following XML element:
<xxx:Customer> <xxx:first>Roy</xxx:first><xxx:last>Hill</xxx:last> <xxx:address>123 Main Street</xxx:address> <xxx:city>Manhattan Beach</xxx:city> <xxx:state>CA</xxx:state> <xxx:zip>90266</xxx:zip> </xxx:Customer>
This specification defines one Web service operation (Put) for updating a resource by providing a replacement representation. A resource MAY accept updates that provide different XML representations than that returned by the resource; in such a case, the semantics of the update operation is defined by the resource.
The Put request message MUST be of the following form:
<s:Envelope …> <s:Header …> <wsa:Action> http://schemas.xmlsoap.org/ws/2004/09/transfer/Put </wsa:Action> <wsa:MessageID>xs:anyURI</wsa:MessageID> <wsa:To>xs:anyURI</wsa:To> … </s:Header> <s:Body…> xs:any </s:Body> </s:Envelope>
The following describes additional, normative constraints on the outline listed above:
This required element MUST contain the value http://schemas.xmlsoap.org/ws/2004/09/transfer/Put. If a SOAP Action URI is also present in the underlying transport, its value MUST convey the same value.
The replacement representation MUST be the initial child element of the SOAP:Body element of the request message. All other children SHOULD be ignored.
A Put request MUST be targeted at the resource whose representation is desired to be replaced, as described in Section 2 of this specification.
In addition to the standard fault codes defined in WS-Addressing, implementations MAY use the fault code wxf:InvalidRepresentation if the presented representation is invalid for the target resource. Other components of the outline above are not further constrained by this specification.
A successful Put operation updates the current representation associated with the targeted resource.
If the resource accepts a Put request and performs the requested update, it MUST reply with a response of the following form:
<s:Envelope …> <s:Header …> <wsa:Action> http://schemas.xmlsoap.org/ws/2004/09/transfer/PutResponse </wsa:Action> <wsa:RelatesTo>xs:anyURI</wsa:RelatesTo> <wsa:To>xs:anyURI</wsa:To> … </s:Header> <s:Body …> xs:any </s:Body> </s:Envelope>
This required element MUST contain the value http://schemas.xmlsoap.org/ws/2004/09/transfer/PutResponse. If a SOAP Action URI is also present in the underlying transport, its value MUST convey the same value.
A service MUST return the current representation of the resource as the initial child of the s:Body element if the updated representation differs from the representation sent in the Put request message. All other children SHOULD be ignored.
As an optimization and as a service to the requester, the s:Body element of the response message SHOULD be empty if the updated representation does not differ from the representation sent in the Put request message; that is, if the service accepted the new representation verbatim. Such a response (an empty s:Body) MUST indicate that a subsequent Get request would yield the same XML Infoset as a result (assuming no intervening mutating operations are performed). A service MAY return the current representation of the resource as the initial child of the s:Body element even in this case, however.
Other components of the outline above are not further constrained by this specification.
The following shows a sample SOAP envelope containing a Put request:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:xxx="http://fabrikam123.example.com/resource-model" > <s:Header> <wsa:ReplyTo> <wsa:Address> soap://www.fabrikam123.example.org/sender </wsa:Address> </wsa:ReplyTo> <wsa:To>soap://www.example.org/pushport</wsa:To> <xxx:CustomerID>732199</xxx:CustomerID> <xxx:Region>EMEA</xxx:Region> <wsa:Action> http://schemas.xmlsoap.org/ws/2004/09/transfer/Put </wsa:Action> <wsa:MessageID> uuid:00000000-0000-0000-C000-000000000047 </wsa:MessageID> </s:Header> <s:Body> <xxx:Customer> <xxx:first>Roy</xxx:first><xxx:last>Hill</xxx:last> <xxx:address>321 Main Street</xxx:address> <xxx:city>Manhattan Beach</xxx:city> <xxx:state>CA</xxx:state> <xxx:zip>90266</xxx:zip> </xxx:Customer> </s:Body> </s:Envelope>
The following shows the corresponding response message indicating success:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:xxx="http://fabrikam123.example.com/resource-model" > <s:Header> <wsa:To>soap://www.fabrikam123.example.org/sender</wsa:Address> <wsa:Action> http://schemas.xmlsoap.org/ws/2004/09/transfer/PutResponse </wsa:Action> <wsa:MessageID> uuid:0000010e-0000-0000-C000-000000000047 </wsa:MessageID> <wsa:RelatesTo> uuid:00000000-0000-0000-C000-000000000047 </wsa:RelatesTo> </s:Header> <s:Body/> </s:Envelope>
This specification defines one Web service operation (Delete) for deleting a resource.
The Delete request message MUST be of the following form:
<s:Envelope …> <s:Header …> <wsa:Action> http://schemas.xmlsoap.org/ws/2004/09/transfer/Delete </wsa:Action> <wsa:MessageID>xs:anyURI</wsa:MessageID> <wsa:To>xs:anyURI</wsa:To> … </s:Header> <s:Body … /> </s:Envelope>
The following describes additional, normative constraints on the outline listed above:
This required element MUST contain the value http://schemas.xmlsoap.org/ws/2004/09/transfer/Delete. If a SOAP Action URI is also present in the underlying transport, its value MUST convey the same value.
A Delete request MUST be targeted at the resource to be deleted as described in Section 2 of this specification.
There are no body blocks defined for a Delete Request.
Implementations may respond with a fault message
using the standard fault codes defined in WS-Addressing (e.g.,
wsa:ActionNotSupported
). Other
components of the outline above are not further constrained by this
specification.
A successful Delete operation invalidates the current representation associated with the targeted resource.
If the resource accepts a Delete request, it MUST reply with a response of the following form:
<s:Envelope …> <s:Header …> <wsa:Action> http://schemas.xmlsoap.org/ws/2004/09/transfer/DeleteResponse </wsa:Action> <wsa:RelatesTo>xs:anyURI</wsa:RelatesTo> <wsa:To>xs:anyURI</wsa:To> … </s:Header> <s:Body …/> </s:Envelope>
This required element MUST contain the value http://schemas.xmlsoap.org/ws/2004/09/transfer/DeleteResponse. If a SOAP Action URI is also present in the underlying transport, its value MUST convey the same value.
There are no body blocks defined for a Delete response.
Other components of the outline above are not further constrained by this specification.
The following shows a sample SOAP envelope containing a Delete request:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:xxx="http://fabrikam123.example.com/resource-model" > <s:Header> <wsa:ReplyTo> <wsa:Address> soap://www.fabrikam123.example.org/sender </wsa:Address> </wsa:ReplyTo> <wsa:To>soap://www.example.org/pushport</wsa:To> <xxx:CustomerID>732199</xxx:CustomerID> <xxx:Region>EMEA</xxx:Region> <wsa:Action> http://schemas.xmlsoap.org/ws/2004/09/transfer/Delete </wsa:Action> <wsa:MessageID> uuid:00000000-0000-0000-C000-000000000049 </wsa:MessageID> </s:Header> <s:Body/> </s:Envelope>
The following shows the corresponding response message indicating success:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:xxx="http://fabrikam123.example.com/resource-model" > <s:Header> <wsa:To>soap://www.fabrikam123.example.org/sender</wsa:Address> <wsa:Action> http://schemas.xmlsoap.org/ws/2004/09/transfer/DeleteResponse </wsa:Action> <wsa:MessageID> uuid:0000010e-0000-0000-C000-000000000049 </wsa:MessageID> <wsa:RelatesTo> uuid:00000000-0000-0000-C000-000000000049 </wsa:RelatesTo> </s:Header> <s:Body/> </s:Envelope>
This specification defines one Web service operation (Create) for creating a resource and providing its initial representation. The resource factory that receives a Create request will allocate a new resource that is initialized from the presented representation. The new resource will be assigned a service-determined endpoint reference that is returned in the response message.
The Create request message MUST be of the following form:
<s:Envelope …> <s:Header …> <wsa:Action> http://schemas.xmlsoap.org/ws/2004/09/transfer/Create </wsa:Action> <wsa:MessageID>xs:anyURI</wsa:MessageID> <wsa:To>xs:anyURI</wsa:To> … </s:Header> <s:Body …> xs:any </s:Body> </s:Envelope>
The following describes additional, normative constraints on the outline listed above:
This required element MUST contain the value http://schemas.xmlsoap.org/ws/2004/09/transfer/Create. If a SOAP Action URI is also present in the underlying transport, its value MUST convey the same value.
The initial representation MUST be the initial child element of the SOAP:Body element of the request message. All other children SHOULD be ignored.
Other components of the outline above are not further constrained by this specification.
A Create request MUST be targeted at a resource factory capable of creating the desired new resource. This factory is distinct from the resource being created (which by definition does not exist prior to the successful processing of the Create request message).
In addition to the standard fault codes defined in WS-Addressing, implementations MAY use the fault code wfx:InvalidRepresentation if the presented representation is invalid for the target resource.
If the resource factory accepts a Create request, it MUST reply with a response of the following form:
<s:Envelope …> <s:Header …> <wsa:Action> http://schemas.xmlsoap.org/ws/2004/09/transfer/CreateResponse </wsa:Action> <wsa:RelatesTo>xs:anyURI</wsa:RelatesTo> <wsa:To>xs:anyURI</wsa:To> … </s:Header> <s:Body …> <wxf:ResourceCreated>endpoint-reference</wxf:ResourceCreated> xs:any </s:Body> </s:Envelope>
This required element MUST contain the value http://schemas.xmlsoap.org/ws/2004/09/transfer/CreateResponse. If a SOAP Action URI is also present in the underlying transport, its value MUST convey the same value.
This required element MUST contain a resource reference for the newly created resource. This resource reference, represented as an endpoint reference as defined in WS-Addressing, MUST identify the resource for future Get, Put, and Delete operations.
A service MUST return the current representation of the new resource as the second child of the s:Body element if the created representation differs from the representation sent in the Create request message. All other children with position() greater than 2 SHOULD be ignored.
As an optimization and as a service to the requestor, the s:Body element of the response message SHOULD be empty, other than the ResourceCreated element, if the created representation does not differ from the representation sent in the Create request message; that is, if the service accepted the new representation verbatim. Such a response indicates that a subsequent Get request would yield the same XML Infoset as a result (assuming no intervening mutating operations are performed). A service MAY return the current representation of the resource as the initial child of the s:Body element even in this case, however.
Other components of the outline above are not further constrained by this specification.
The following shows a sample SOAP envelope containing a Create request:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:xxx="http://fabrikam123.example.com/resource-model" > <s:Header> <wsa:ReplyTo> <wsa:Address> soap://www.fabrikam123.example.org/sender </wsa:Address> </wsa:ReplyTo> <wsa:To>soap://www.example.org/pushport/CustomerSpace</wsa:To> <wsa:Action> http://schemas.xmlsoap.org/ws/2004/09/transfer/Create </wsa:Action> <wsa:MessageID> uuid:00000000-0000-0000-C000-000000000048 </wsa:MessageID> </s:Header> <s:Body> <xxx:Customer> <xxx:first>Roy</xxx:first><xxx:last>Hill</xxx:last> <xxx:address>123 Main Street</xxx:address> <xxx:city>Manhattan Beach</xxx:city> <xxx:state>CA</xxx:state> <xxx:zip>90266</xxx:zip> </xxx:Customer> </s:Body> </s:Envelope>
The following shows the corresponding response message indicating success:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wxf="http://schemas.xmlsoap.org/ws/2004/09/transfer" xmlns:xxx="http://fabrikam123.example.com/resource-model" > <s:Header> <wsa:To>soap://www.fabrikam123.example.org/sender</wsa:Address> <wsa:Action> http://schemas.xmlsoap.org/ws/2004/09/transfer/CreateResponse </wsa:Action> <wsa:MessageID> uuid:0000010e-0000-0000-C000-000000000048 </wsa:MessageID> <wsa:RelatesTo> uuid:00000000-0000-0000-C000-000000000048 </wsa:RelatesTo> </s:Header> <s:Body> <wxf:ResourceCreated> <wsa:Address>soap://www.example.org/pushport</wsa:Address> <wsa:ReferenceProperties> <xxx:CustomerID>732199</xxx:CustomerID> <xxx:Region>EMEA</xxx:Region> </wsa:ReferenceProperties> </wxf:ResourceCreated> </s:Body> </s:Envelope>
It is strongly recommended that the communication between services be secured using the mechanisms described in [WS-Security].
In order to properly secure messages, the body (even
if empty) and all relevant headers need to be included in the
signature. Specifically, the WS-Addressing header
blocks, WS-Security timestamp, and any header blocks resulting from
a <wsa:ReferenceProperties>
in references need to be signed along with the body in order to
"bind" them together and prevent certain types of attacks.
If a requestor is issuing multiple messages to a resource reference, then it is recommended that a security context be established using the mechanisms described in WS-Trust and WS-SecureConversation. It is further recommended that if shared secrets are used, message-specific derived keys also be used to protect the secret from crypto attacks.
The access control semantics of resource references is out-of-scope of this specification and are specific to each resource reference. Similarly, any protection mechanisms on resource references independent of transfer (e.g. embedded signatures and encryption) are also out-of-scope.
It is recommended that the security considerations of WS-Security also be considered.
While a comprehensive listing of attacks is not feasible, the following list summarizes common classes of attacks that apply to this protocol and identifies the mechanism(s) to prevent/mitigate the attacks.
Replay — Messages, or portions of messages, can be replayed in an attempt to gain access or disrupt services. Freshness checks such as timestamps, digests, and sequences can be used to detect duplicate messages.
Invalid tokens — There are a number of token attacks including certificate authorities, false signatures, and PKI attacks. Care should be taken to ensure each token is valid (usage window, digest, signing authority, revocation, …), and that the appropriate delegation policies are in compliance.
Man-in-the-middle — The message exchanges in this specification could be subject to man-in-the-middle attacks so care should be taken to reduce possibilities here such as establishing a secure channel and verifying that the security tokens user represent identities authorized to speak for, or on behalf of, the desired resource reference.
Message alteration — Alteration is prevented by including signatures of the message information using WS-Security. Care should be taken to review message part references to ensure they haven't been forged (e.g. ID duplication).
Message disclosure — Confidentiality is preserved by encrypting sensitive data using WS-Security.
Key integrity — Key integrity is maintained by using the strongest algorithms possible (by comparing secured policies — see [WS-Policy] and [WS-SecurityPolicy]) and by using derived keys ([WS-SecureConversation]).
Authentication — Authentication is established using the mechanisms described in WS-Security and WS-Trust. Each message is authenticated using the mechanisms described in WS-Security.
Accountability — Accountability is a function of the type of and string of the key and algorithms being used. In many cases, a strong symmetric key provides sufficient accountability. However, in some environments, strong PKI signatures are required.
Availability — All reliable messaging services are subject to a variety of availability attacks. Replay detection is a common attack and it is recommended that this be addressed by the mechanisms described in WS-Security. Other attacks, such as network-level denial of service attacks are harder to avoid and are outside the scope of this specification. That said, care should be taken to ensure that minimal state is saved prior to any authenticating sequences.
This specification has been developed as a result of joint work with many individuals and teams, including:
A normative copy of the XML Schema [XML Schema Part 1, Part 2] for this specification may be retrieved by resolving the XML namespace URI for this specification (listed in Section 2.2 XML Namespaces).
A non-normative copy of the XML schema is listed below for convenience.
<xs:schema targetNamespace="http://schemas.xmlsoap.org/ws/2004/09/transfer" xmlns:tns="http://schemas.xmlsoap.org/ws/2004/09/transfer" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" blockDefault="#all" > <xs:import namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" schemaLocation= "http://schemas.xmlsoap.org/ws/2004/08/addressing/addressing.xsd" /> <xs:complexType name="AnyXmlType"> <xs:sequence> <xs:any namespace="##other" processContents="lax" /> </xs:sequence> </xs:complexType> <xs:complexType name="AnyXmlOptionalType"> <xs:sequence> <xs:any namespace="##other" processContents="lax" minOccurs="0"/> </xs:sequence> </xs:complexType> <xs:complexType name="CreateResponseType"> <xs:sequence> <xs:element ref="tns:ResourceCreated" /> <xs:any namespace="##other" processContents="lax" minOccurs="0"/> </xs:sequence> </xs:complexType> <xs:element name="ResourceCreated" type="wsa:EndpointReferenceType" /> </xs:schema>
A normative copy of the WSDL [WSDL 1.1] description for this specification may be retrieved from the following address:
http://schemas.xmlsoap.org/ws/2004/09/transfer/transfer.wsdl
A non-normative copy of the WSDL description is listed below for convenience.
<wsdl:definitions targetNamespace="http://schemas.xmlsoap.org/ws/2004/09/transfer" xmlns:tns="http://schemas.xmlsoap.org/ws/2004/09/transfer" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:xs="http://www.w3.org/2001/XMLSchema"> <wsdl:types> <xs:schema> <xs:import namespace="http://schemas.xmlsoap.org/ws/2004/09/transfer" schemaLocation= "http://schemas.xmlsoap.org/ws/2004/09/transfer/transfer.xsd" /> </xs:schema> </wsdl:types> <wsdl:message name="EmptyMessage"/> <wsdl:message name="AnyXmlMessage"> <wsdl:part name="Body" type="tns:AnyXmlType"/> </wsdl:message> <wsdl:message name="OptionalXmlMessage"> <wsdl:part name="Body" type="tns:AnyXmlOptionalType"/> </wsdl:message> <wsdl:message name="CreateResponseMessage"> <wsdl:part name="Body" type="tns:CreateResponseType"/> </wsdl:message> <wsdl:portType name="Resource"> <wsdl:documentation> This port type defines a resource that may be read, written, and deleted. </wsdl:documentation> <wsdl:operation name="Get"> <wsdl:input message="tns:EmptyMessage" wsa:Action="http://schemas.xmlsoap.org/ws/2004/09/transfer/Get"/> <wsdl:output message="tns:AnyXmlMessage" wsa:Action="http://schemas.xmlsoap.org/ws/2004/09/transfer/GetResponse" /> </wsdl:operation> <wsdl:operation name="Put"> <wsdl:input message="tns:AnyXmlMessage" wsa:Action="http://schemas.xmlsoap.org/ws/2004/09/transfer/Put" /> <wsdl:output message="tns:OptionalXmlMessage" wsa:Action="http://schemas.xmlsoap.org/ws/2004/09/transfer/PutResponse" /> </wsdl:operation> <wsdl:operation name="Delete"> <wsdl:input message="tns:EmptyMessage" wsa:Action="http://schemas.xmlsoap.org/ws/2004/09/transfer/Delete" /> <wsdl:output message="tns:EmptyMessage" wsa:Action="http://schemas.xmlsoap.org/ws/2004/09/transfer/DeleteResponse" /> </wsdl:operation> </wsdl:portType> <wsdl:portType name="ResourceFactory"> <wsdl:documentation> This port type defines a Web service that can create new resources. </wsdl:documentation> <wsdl:operation name="Create"> <wsdl:input message="tns:AnyXmlMessage" wsa:Action="http://schemas.xmlsoap.org/ws/2004/09/transfer/Create" /> <wsdl:output message="tns:CreateResponseMessage" wsa:Action="http://schemas.xmlsoap.org/ws/2004/09/transfer/CreateResponse" /> </wsdl:operation> </wsdl:portType> </wsdl:definitions>