This document is also available in these non-normative formats: PDF, PostScript, XML, and plain text.
Copyright © 2006 W3C® (MIT, ERCIM, Keio), All Rights Reserved. W3C liability, trademark and document use rules apply.
Web Services Addressing provides transport-neutral mechanisms to address Web services and messages. Web Services Addressing 1.0 - Core (this document) defines a set of abstract properties and an XML Infoset [XML Information Set] representation thereof to reference Web services and to facilitate end-to-end addressing of endpoints in messages. This specification enables messaging systems to support message transmission through networks that include processing nodes such as endpoint managers, firewalls, and gateways in a transport-neutral manner.
This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.
This is the Proposed Recommendation of the Web Services Addressing 1.0 - Core specification for review by W3C Members and other interested parties. It has been produced by the Web Services Addressing Working Group (WG), which is part of the W3C Web Services Activity.
The publication of this document signifies a call for review by the W3C Advisory Committee. W3C Advisory Committee Representatives are invited to submit their formal review per the instructions in the Call for Review (see Advisory Committee questionnaires). The review period ends on 18 April 2006.
Members of the public are also invited to send comments on this Proposed Recommendation to the public public-ws-addressing-comments@w3.org mailing list (public archive).
This document addresses the comments received against the Candidate Recommendation draft previously published. The detailed disposition of those comments can be found in the Candidate Recommendation issues list. An implementation report showing that the Candidate Recommendation exit criteria have been met and exceeded is available, along with a test suite. A diff-marked version against the previous version of this document is available. For a detailed list of changes since the last publication of this document, please refer to appendix B. Change Log.
The Working Group intends to maintain the value of the Web Services Addressing 1.0 - Core namespace URI that was assigned in the Candidate Recommendation unless significant changes are made that impact the implementation of the specification.
Discussion of this document takes place on the public-ws-addressing@w3.org mailing list (public archive). A list of formal objections against the set of WS-Addressing 1.0 Working Drafts is also available.
This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.
Publication as a Proposed Recommendation does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.
1. Introduction
1.1 Notational
Conventions
1.2 Namespaces
2. Endpoint References
2.1 Information
Model for Endpoint References
2.2 Endpoint
Reference XML Infoset Representation
2.3 Endpoint Reference
Comparison
2.4 Endpoint
Reference Lifecycle
2.5 Endpoint
Reference Extensibility
2.6 Identifying Resources in an Endpoint
Reference
3. Message Addressing Properties
3.1 Abstract
Property Definitions
3.2 XML
Infoset Representation of Message Addressing Properties
3.2.1 Comparing IRIs
3.3 Sending a Message
to an EPR
3.4 Formulating a
Reply Message
4. Security
Considerations
4.1 Additional
Security Considerations
5. References
A. Acknowledgements
(Non-Normative)
B. Change Log (Non-Normative)
B.1 Changes Since
Candidate Recommendation
B.2 Changes Since Last
Call Working Draft
B.3 Changes Since
Second Working Draft
B.4 Changes Since
First Working Draft
B.5 Changes Since
Submission
Web Services Addressing 1.0 - Core (WS-Addressing) defines two constructs, message addressing properties and endpoint references, that normalize the information typically provided by transport protocols and messaging systems in a way that is independent of any particular transport or messaging system.
A Web service endpoint is a (referenceable) entity, processor, or resource to which Web service messages can be addressed. Endpoint references convey the information needed to address a Web service endpoint. Note that WSDL 2.0 has an Endpoint component [WSDL 2.0, Section 2.15 Endpoint] which along with other WSDL 2.0 components can be used to describe a Web service endpoint. A Web service endpoint may in fact have multiple such descriptions. Similarly, multiple EPRs can be used to convey information needed to address a particular Web service endpoint. An EPR is intended to convey information required to address a Web service endpoint whereas a WSDL 2.0 description is intended to describe a Web service.
This specification defines a family of message addressing properties that convey end-to-end message characteristics including references for source and destination endpoints and message identity that allows uniform addressing of messages independent of the underlying transport.
Both of these constructs are designed to be extensible and re-usable so that other specifications can build on and leverage endpoint references and message addressing properties.
The following example illustrates the use of these mechanisms in a SOAP 1.2 message being sent from http://example.com/business/client1 to http://example.com/fabrikam/Purchasing (see Web Services Addressing 1.0 - SOAP Binding[WS-Addressing-SOAP] for more information on the use of WS-Addressing in SOAP):
Example 1-1. Use of message addressing properties in a SOAP 1.2 message.
(01) <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing"> (02) <S:Header> (03) <wsa:MessageID>http://example.com/6B29FC40-CA47-1067-B31D-00DD010662DA</wsa:MessageID> (04) <wsa:ReplyTo> (05) <wsa:Address>http://example.com/business/client1</wsa:Address> (06) </wsa:ReplyTo> (07) <wsa:To>http://example.com/fabrikam/Purchasing</wsa:To> (08) <wsa:Action>http://example.com/fabrikam/SubmitPO</wsa:Action> (09) </S:Header> (10) <S:Body> (11) ... (12) </S:Body> (13) </S:Envelope>
Lines (02) to (09) represent the header of the SOAP message where the mechanisms defined in the specification are used. The body is represented by lines (10) to (12).
Lines (03) to (08) contain the message addressing header blocks. Specifically, line (02) specifies the identifier for this message and lines (04) to (06) specify the endpoint to which replies to this message should be sent as an endpoint reference. Line (07) specifies the address URI of the ultimate receiver of this message. Line (08) specifies an action URI identifying expected semantics.
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [IETF RFC 2119].
When describing abstract data models, this specification uses the notational convention used by the XML Infoset [XML Information Set]. Specifically, abstract property names always appear in square brackets (e.g., [some property]).
When describing concrete XML schemas [XML Schema Structures, XML Schema Datatypes], this specification uses the notational convention of WS-Security [WS-Security]. Specifically, each member of an Element Information Item's [children] or [attributes] property is described using an XPath-like notation (e.g., /x:MyHeader/x:SomeProperty/@value1). The use of {any} indicates the presence of an element wildcard (<xs:any/>). The use of @{any} indicates the presence of an attribute wildcard (<xs:anyAttribute/>).
Where pseudo-schemas are provided for a component, they use BNF-style conventions for attributes and elements: "?" denotes optionality (i.e. zero or one occurrences), "*" denotes zero or more occurrences, "+" one or more occurrences, "[" and "]" are used to form groups, and "|" represents choice. Attributes are conventionally assigned a value which corresponds to their type, as defined in the normative schema. Elements with simple content are conventionally assigned a value which corresponds to the type of their content, as defined in the normative schema. Pseudo schemas do not include extensibility points for brevity.
When defining the cardinality of endpoint reference properties and message addressing properties, this specification uses the following notation: (n..m), where n is the minimum allowed number of occurrences of the property and m is the maximum allowed number of occurrences. When n has the same value as m then exactly that number of occurrences of the property must be present in the associated endpoint reference or message.
This specification uses a number of namespace prefixes throughout; they are listed in Table 1-1. Note that the choice of any namespace prefix is arbitrary and not semantically significant (see [XML Namespaces]).
Prefix | Namespace |
---|---|
wsa | http://www.w3.org/2005/08/addressing |
S | http://www.w3.org/2003/05/soap-envelope |
xs | http://www.w3.org/2001/XMLSchema |
WS-Addressing may be used with SOAP [SOAP 1.2 Part 1: Messaging Framework, SOAP 1.1] as described in Web Services Addressing 1.0 - SOAP Binding[WS-Addressing-SOAP]. WS-Addressing may be used with WSDL [WSDL 2.0, WSDL 1.1] described services as described in Web Services Addressing 1.0 - WSDL Binding[WS-Addressing-WSDL]. Examples in this specification use an XML 1.0 [XML 1.0] representation but this is not a requirement.
All information items defined by this specification are identified by the XML namespace URI [XML Namespaces] http://www.w3.org/2005/08/addressing. A normative XML Schema [XML Schema Structures, XML Schema Datatypes] document can be obtained by dereferencing the XML namespace URI.
This section defines the information model and syntax of an endpoint reference.
This specification introduces the endpoint reference, a construct designed to support the following usage scenarios:
Dynamic generation and customization of service endpoint descriptions.
Referencing and description of specific service instances that are created as the result of stateful interactions.
Flexible and dynamic exchange of endpoint information in tightly coupled environments where communicating parties share a set of common assumptions about specific policies or protocols that are used during the interaction.
An endpoint reference is a collection of abstract properties. This specification defines a core set of properties, but it is also possible for other specifications to extend these and/or add other properties. The semantics and XML Infoset representation for any such extension properties will be described in their defining specifications. An endpoint reference consists of the following abstract properties:
An absolute IRI representing the address of the endpoint. This specification introduces two predefined [address] values as shown in Table 2-1.
URI | Description |
---|---|
"http://www.w3.org/2005/08/addressing/anonymous" | Some endpoints cannot be located with a meaningful IRI; this URI is used to allow such endpoints to send and receive messages. The precise meaning of this URI is defined by the binding of Addressing to a specific protocol and/or the context in which the EPR is used. |
"http://www.w3.org/2005/08/addressing/none" | Messages sent to EPRs whose [address] is this value MUST be discarded (i.e. not sent). This URI is typically used in EPRs that designate a reply or fault endpoint (see section 3.1 Abstract Property Definitions) to indicate that no reply or fault message should be sent. |
A reference may contain a number of individual parameters that are associated with the endpoint to facilitate a particular interaction. Reference parameters are namespace-qualified element information items that are required to properly interact with the endpoint. Reference parameters are provided by the issuer of the endpoint reference and are assumed to be opaque to other users of an endpoint reference. The binding of reference parameters to messages depends upon the protocol binding used to interact with the endpoint - Web Services Addressing 1.0 - SOAP Binding[WS-Addressing-SOAP] describes the default binding for the SOAP protocol.
The reference parameters are not ordered. No significance can be attributed to any order in which they may appear, because they may be bound to a message in a way which does not preserve that ordering.
A reference may contain metadata that describes the behavior, policies and capabilities of the endpoint. Metadata may be included in an endpoint reference to facilitate easier processing by a user of an endpoint reference, or because the metadata was dynamically generated.
The metadata embedded in an EPR is not necessarily a complete statement of the metadata pertaining to the endpoint. Moreover, while embedded metadata is necessarily valid at the time the EPR is initially created it may become stale at a later point in time.
To deal with conflicts between the embedded metadata of two EPRs that have the same [address], or between embedded metadata and metadata obtained from a different source, or to ascertain the current validity of embedded metadata, mechanisms that are outside of the scope of this specification, such as EPR life cycle information (see 2.4 Endpoint Reference Lifecycle) or retrieval of metadata from an authoritative source, SHOULD be used.
This section defines an XML Infoset-based representation for an endpoint reference as both an XML type (wsa:EndpointReferenceType) and as an XML element (<wsa:EndpointReference>). For brevity simple XML terms are used, e.g. 'element' instead of 'element information item' - this is not intended to constrain use of the constructs defined in this section to textual XML representations.
The wsa:EndpointReferenceType type is used wherever a Web service endpoint is referenced. The following describes the contents of this type:
<wsa:EndpointReference> <wsa:Address>xs:anyURI</wsa:Address> <wsa:ReferenceParameters>xs:any*</wsa:ReferenceParameters> ? <wsa:Metadata>xs:any*</wsa:Metadata>? </wsa:EndpointReference>
The following describes the attributes and elements listed in the schema overview above:
This represents some element of type wsa:EndpointReferenceType. This example uses the predefined <wsa:EndpointReference> element, but any element of type wsa:EndpointReferenceType may be used.
This REQUIRED element (whose content is of type xs:anyURI) specifies the [address] property of the endpoint reference.
This is an extensibility mechanism to allow additional attributes to be specified.
This OPTIONAL element may contain elements from any namespace. Such elements form the [reference parameters] of the reference.
This is an extensibility mechanism to allow additional attributes to be specified.
Each element information item found in [reference parameters] (including all of that elements [children], [attributes] and [in-scope namespaces]) is represented as is.
This OPTIONAL element may contain elements from any namespace. Such elements form the metadata that is relevant to the interaction with the endpoint.
Each child element of Metadata represents an individual piece of metadata.
This is an extensibility mechanism to allow additional attributes to be specified. Some examples in this specification show use of this extensibility point to include a wsdlLocation[WSDL 2.0] attribute to provide a hint for the location of a WSDL description of the service deployed at the endpoint.
This is an extensibility mechanism to allow additional elements to be specified.
This is an extensibility mechanism to allow additional attributes to be specified.
Note:
Specifications which describe any extension elements or attributes used to augment the above model will explain any effects those extensions may have on the abstract properties. They may affect either the core properties or extension properties as defined in 2.1 Information Model for Endpoint References.
The following shows an example endpoint reference. This element references the the endpoint at the URI "http://example.com/fabrikam/acct".
Example 2-1. Example endpoint reference.
<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"> <wsa:Address>http://example.com/fabrikam/acct</wsa:Address> </wsa:EndpointReference>
This specification provides no concept of endpoint identity and therefore does not provide any mechanism to determine equality or inequality of EPRs and does not specify the consequences of their equality or inequality. However, note that it is possible for other specifications to provide a comparison function that is applicable within a limited scope.
This specification does not define a lifecycle model for endpoint references and does not address the question of time-to-live for endpoint references. Other specifications that build on or use WS-Addressing may define a lifecycle model for endpoint references created according to that specification.
As noted in 2.2 Endpoint Reference XML Infoset Representation endpoint references are extensible. When extension attributes or elements appear as part of an endpoint reference, the processing model for such extensions is defined by the specification for those extensions. Software that processes endpoint references can safely ignore any such extensions that it does not recognize or understand.
Extension elements and attributes MAY add additional properties to an endpoint reference in addition to those specified in 2.1 Information Model for Endpoint References. Endpoint reference extensions MAY modify the value of one or more existing properties of an endpoint reference. Extensions MAY modify the rules for binding endpoint reference properties to message addressing properties, or otherwise indicate that a different binding be used.
Note that this ability to modify existing properties and binding behavior, when coupled with the fact that software can ignore unknown or unrecognized extensions, may result in a difference in behavior depending on whether such an extended endpoint reference is processed by software that understands the extension(s). When designing endpoint reference extensions designers should consider that standard processing per this specification will prevail in cases where their extension is not recognized or understood.
The Architecture of the World Wide Web, Volume One [AoWWW] recommends [AoWWW, Section 2] the use of URIs to identify resources. Using abstract properties of an EPR other than [destination] to identify resources is contrary to this recommendation. In certain circumstances, such a use of additional properties may be convenient or beneficial; however, when building systems, the benefits or convenience of identifying a resource using reference parameters should be carefully weighed against the benefits of identifying a resource solely by URI as explained in [AoWWW, Section 2.1] of the Web Architecture.
This section defines the information model and syntax of message addressing properties.
Message addressing properties provide references for the endpoints involved in an interaction. The use of these properties to support specific interactions is in general defined by both the semantics of the properties themselves and the implicit or explicit contract that governs the message exchange. If explicitly available, this contract can take different forms including but not being limited to WSDL MEPs and interfaces; business processes and e-commerce specifications, among others, can also be used to define explicit contracts between the parties.
In a one-way interaction pattern a source sends a message to a destination without any further definition of the interaction. "Request-response" is a common interaction pattern that consists of an initial message sent by a source endpoint (the request) and a subsequent message sent from the destination of the request back to the source (the response). A response in this case can be either an application message, a fault, or any other message. Note, however, that reply messages may be sent as part of other message exchanges as well, and are not restricted to the usual single Request, single Response pattern, or to a particular WSDL transmission primitive or MEP. The contract between the interacting parties may specify that multiple or even a variable number of replies be delivered.
The set of message addressing properties defined in this specification is sufficient for many simple variations of one-way and request-response MEPs. More advanced MEPs may require additional message addressing properties to augment the facilities provided here.
Message addressing properties collectively augment a message with the following abstract properties to support one-way, request-response, and other interaction patterns:
An absolute IRI representing the address of the intended receiver of this message.
Reference to the endpoint from which the message originated.
An endpoint reference for the intended receiver for replies to this message.
An endpoint reference for the intended receiver for faults related to this message.
An absolute IRI that uniquely identifies the semantics implied by this message.
It is RECOMMENDED that the value of the [action] property is an IRI identifying an input, output, or fault message within a WSDL interface or port type. An action may be explicitly or implicitly associated with the corresponding WSDL definition. Web Services Addressing 1.0 - WSDL Binding[WS-Addressing-WSDL] describes the mechanisms of association.
An absolute IRI that uniquely identifies the message. When present, it is the responsibility of the sender to ensure that each message is uniquely identified. The behavior of a receiver when receiving a message that contains the same [message id] as a previously received message is unconstrained by this specification.
A pair of values that indicate how this message relates to another message. The type of the relationship is identified by an absolute IRI. The related message is identified by an absolute IRI that corresponds to the related message's [message id] property. The message identifier IRI may refer to a specific message, or be the following pre-defined URI that means "unspecified message": "http://www.w3.org/2005/08/addressing/unspecified"
This specification has one predefined relationship type as shown in Table 3-1.
URI | Description |
---|---|
"http://www.w3.org/2005/08/addressing/reply" | Indicates that this is a reply to the message identified by the [message id] IRI. |
Corresponds to the value of the [reference parameters] property of the endpoint reference to which the message is addressed.
The [destination] and [action] properties indicate the target processing location and the verb or intent of the message respectively. The values of these properties can be used to facilitate the dispatch of messages.
A binding of WS-Addressing message addressing properties MUST reflect the property cardinality shown above. Web Services Addressing 1.0 - SOAP Binding[WS-Addressing-SOAP] defines such a binding for the SOAP [SOAP 1.2 Part 1: Messaging Framework, SOAP 1.1] protocol.
The following shows the XML Infoset representation of the message addressing properties defined in 3.1 Abstract Property Definitions:
<wsa:To>xs:anyURI</wsa:To> ? <wsa:From>wsa:EndpointReferenceType</wsa:From> ? <wsa:ReplyTo>wsa:EndpointReferenceType</wsa:ReplyTo> ? <wsa:FaultTo>wsa:EndpointReferenceType</wsa:FaultTo> ? <wsa:Action>xs:anyURI</wsa:Action> <wsa:MessageID>xs:anyURI</wsa:MessageID> ? <wsa:RelatesTo RelationshipType="xs:anyURI"?>xs:anyURI</wsa:RelatesTo> * <wsa:ReferenceParameters>xs:any*</wsa:ReferenceParameters> ?
The following describes the attributes and elements listed in the schema overview above:
This OPTIONAL element (whose content is of type xs:anyURI) provides the value for the [destination] property. If this element is NOT present then the value of the [destination] property is "http://www.w3.org/2005/08/addressing/anonymous".
This OPTIONAL element (of type wsa:EndpointReferenceType) provides the value for the [source endpoint] property.
This OPTIONAL element (of type wsa:EndpointReferenceType) provides the value for the [reply endpoint] property. If this element is NOT present then the value of the [address] property of the [reply endpoint] EPR is "http://www.w3.org/2005/08/addressing/anonymous".
This OPTIONAL element (of type wsa:EndpointReferenceType) provides the value for the [fault endpoint] property.
This REQUIRED element (whose content is of type xs:anyURI) conveys the value of the [action] property.
This OPTIONAL element (whose content is of type xs:anyURI) conveys the [message id] property.
This OPTIONAL (repeating) element information item contributes one abstract [relationship] property value, in the form of an (IRI, IRI) pair. The content of this element (of type xs:anyURI) conveys the [message id] of the related message.
This OPTIONAL attribute (of type xs:anyURI) conveys the relationship type as an IRI. When absent, the implied value of this attribute is "http://www.w3.org/2005/08/addressing/reply".
Each element information item found in [reference parameters] (including all of that elements [children], [attributes] and [in-scope namespaces]) is represented as is.
Note that each of the element information items described above allows attribute wildcards for future extensibility. A message processor may safely ignore any extension attribute it does not recognize. Attribute extensibility allows use of xml:id[xml:id] for identification of these elements if desired.
The values of the Message Addressing Properties [action], [message id], and [relationship] are absolute IRIs. The purpose of these IRIs is primarily identification, rather than resource retrieval. As such, simple string comparison, as indicated in Internationalized Resource Identifiers IETF RFC 3987 section 5.3.1, is sufficient to determine equivalence of these IRIs.
Comparison of [destination] property values is out of scope, other than using simple string comparison to detect whether the value is anonymous, that is, where [destination] has the value "http://www.w3.org/2005/08/addressing/anonymous".
This section describes the process of constructing a message in accordance to an EPR.
If the EPR's [address] property is "http://www.w3.org/2005/08/addressing/none" the message is discarded, if not then populate the message's message addressing properties:
[action]: this property is required, but is not populated from the EPR.
[destination]: this property takes the value of the EPR's [address] property.
[reference parameters]: this property takes the value of the selected EPR's [reference parameters] property
This section specifies the WS-Addressing-specific rules for creating a reply or fault message related to another message.
Select the appropriate EPR:
If the reply is a normal message, select the EPR from the related message's [reply endpoint] message addressing property.
Note:
The [reply endpoint] message addressing property will always be present when using the XML Infoset representation since, in the absence of a wsa:ReplyTo element, the value of the [reply endpoint] message addressing property defaults to an EPR with an [address] property of "http://www.w3.org/2005/08/addressing/anonymous" - see section 3.2 XML Infoset Representation of Message Addressing Properties.
If the [reply endpoint] message addressing property is not present the processor MUST fault. This could only occur when using an alternate representation of message addressing properties.
Otherwise, if the reply is a fault message and the related message's [fault endpoint] message addressing property is not empty, select the EPR from that property. If the [fault endpoint] property is empty, select the EPR from the related message's [reply endpoint] message addressing property. Otherwise, if the [reply endpoint] property is empty, the behavior of the recipient of the related message is unconstrained by this specification.
In either of the above cases, if the related message lacks a [message id] property, the processor MUST fault.
Send the message according to the previous section, but also including:
[relationship]: this property MUST include a pair of IRIs as follows; the relationship type is the predefined reply URI "http://www.w3.org/2005/08/addressing/reply" and the related message's identifier is the [message id] property value from the message being replied to; other relationships MAY be expressed in this property
The following example illustrates a message containing message addressing properties serialized as header blocks in a SOAP 1.2 message:
Example 3-1. Example message.
<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing"> <S:Header> <wsa:MessageID>http://example.com/someuniquestring</wsa:MessageID> <wsa:ReplyTo> <wsa:Address>http://example.com/business/client1</wsa:Address> </wsa:ReplyTo> <wsa:To>mailto:fabrikam@example.com</wsa:To> <wsa:Action>http://example.com/fabrikam/mail/Delete</wsa:Action> </S:Header> <S:Body> <f:Delete xmlns:f="http://example.com/fabrikam"> <maxCount>42</maxCount> </f:Delete> </S:Body> </S:Envelope>
This message would have the following property values:
[destination]: "mailto:fabrikam@example.com"
[reply endpoint]: The endpoint with [address] "http://example.com/business/client1"
[action]: "http://example.com/fabrikam/mail/Delete"
[message id]: "http://example.com/someuniquestring"
The following example illustrates a reply to the above message:
Example 3-2. Example reply message.
<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing"> <S:Header> <wsa:MessageID>http://example.com/someotheruniquestring</wsa:MessageID> <wsa:RelatesTo>http://example.com/someuniquestring</wsa:RelatesTo> <wsa:To>http://example.com/business/client1</wsa:To> <wsa:Action>http://example.com/fabrikam/mail/DeleteAck</wsa:Action> </S:Header> <S:Body> <f:DeleteAck xmlns:f="http://example.com/fabrikam"/> </S:Body> </S:Envelope>
This message would have the following property values:
[destination]: "http://example.com/business/client1"
[action]: "http://example.com/fabrikam/mail/DeleteAck"
[message id]: "http://example.com/someotheruniquestring"
[relationship]: ("http://www.w3.org/2005/08/addressing/reply", "http://example.com/someuniquestring")
Conformance to this specification does not require a message receiver to honor the WS-Addressing constructs within a message if the receiver is not satisfied that the message is safe to process.
WS-Addressing supports capabilities that allow a message sender to instruct a message receiver to send additional unsolicited messages to other receivers of their choice. To an extent the content of such unsolicited messages can also be controlled using reference parameters supplied by the initial message sender. Because of these capabilities it is essential that communications using WS-Addressing are adequately secured and that a sufficient level of trust is established between the communicating parties before a receiver processes WS-Addressing constructs within a message. There are several aspects to securing a message:
EPRs and message addressing properties should be integrity-protected to prevent tampering. Such integrity protection might be provided by the transport, a message level signature, or use of an XML digital signature within EPRs.
Users of EPRs should validate the trustworthiness of an EPR before using it by considering the following aspects:
whether the EPR was obtained from a trusted source
whether the EPR was obtained from a source with authority to represent the [address] of that EPR
whether the [address] of the EPR is a trusted destination
For example, the receiver of a message might rely on the presence of a verifiable signature by a trusted party over the message addressing properties to determine that the message originated from a trusted source and further require that the [reply endpoint] and [fault endpoint] are signed by a principle with authority to represent the [address] of those EPRs to ensure that unsolicted messages are not sent. Alternatively an out-of-band means of establishing trust might be used to determine whether a particular EPR is trustworthy.
To prevent information disclosure, EPR issuers should not put sensitive information into the [address] or [reference parameters] properties unless it has been adequately protected against arbitrary disclosure.
Some processors may use [message id] as part of a uniqueness metric in order to detect message replay. Care should be taken to ensure that, for purposes of replay detection, [message id] is composed from data, such as a timestamp, such that a legitimate retransmission of the message is not confused with a replay attack. It is also advisable to use a [message id] that is not predictable, to prevent attackers from constructing and sending an unsolicited reply to a message without having to see the actual message.
This document is the work of the W3C Web Service Addressing Working Group.
Members of the Working Group are (at the time of writing, and by alphabetical order): Abbie Barbir (Nortel Networks), Andreas Bjärlestam (ERICSSON), Dave Chappell (Sonic Software), Eran Chinthaka (WSO2), Francisco Curbera (IBM Corporation), Glen Daniels (Sonic Software), Vikas Deolaliker (Sonoa Systems, Inc.), Paul Downey (BT), Jacques Durand (Fujitsu Limited), Robert Freund (Hitachi, Ltd.), Marc Goodner (Microsoft Corporation), Arun Gupta (Sun Microsystems, Inc.), Hugo Haas (W3C/ERCIM), Marc Hadley (Sun Microsystems, Inc.), David Hull (TIBCO Software, Inc.), Yin-Leng Husband (HP), David Illsley (IBM Corporation), Anish Karmarkar (Oracle Corporation), Paul Knight (Nortel Networks), Philippe Le Hégaret (W3C/MIT), Amelia Lewis (TIBCO Software, Inc.), Bozhong Lin (IONA Technologies, Inc.), Mark Little (JBoss Inc.), Jonathan Marsh (Microsoft Corporation), Jeff Mischkinsky (Oracle Corporation), Nilo Mitra (ERICSSON), Eisaku Nishiyama (Hitachi, Ltd.), Ales Novy (Systinet Inc.), David Orchard (BEA Systems, Inc.), Gilbert Pilz (BEA Systems, Inc.), Tony Rogers (Computer Associates), Tom Rutt (Fujitsu Limited), Davanum Srinivas (WSO2), Jiri Tejkl (Systinet Inc.), Mike Vernal (Microsoft Corporation), Steve Vinoski (IONA Technologies, Inc.), Katy Warr (IBM Corporation), Pete Wenzel (Sun Microsystems, Inc.), Steve Winkler (SAP AG), Ümit Yalçinalp (SAP AG), Prasad Yendluri (webMethods, Inc.).
Previous members of the Working Group were: Lisa Bahler (SAIC - Telcordia Technologies), Rebecca Bergersen (IONA Technologies, Inc.), Ugo Corda (Sun Microsystems, Inc.), Michael Eder (Nokia), Yaron Goland (BEA Systems, Inc.), Marc Goodner (SAP AG), Martin Gudgin (Microsoft Corporation), Mark Nottingham (BEA Systems, Inc.), Mark Peel (Novell, Inc.), Harris Reynolds (webMethods, Inc.), Rich Salz (IBM Corporation), Davanum Srinivas (Computer Associates), Greg Truty (IBM Corporation).
The people who have contributed to discussions on public-ws-addressing@w3.org are also gratefully acknowledged.
Date | Editor | Description |
---|---|---|
2006-03-13 @ 14:45 | mhadley | Added editorial fixes from Hugo |
2006-03-10 @ 15:26 | mhadley | Added resolution of CR23 |
2006-03-03 @ 14:10 | mhadley | Fixed editor list in references |
2006-03-03 @ 10:11 | mhadley | Added new resolution to CR3 - added reference to xml:id |
2006-03-03 @ 08:50 | mhadley | Removed feature at risk warnings for [source endpoint] and wsa:From |
2006-03-02 @ 13:49 | mhadley | Added resolution to CR17, clarified that [reply endpoint] is always present when using the XML infoset serialization |
2006-03-02 @ 12:47 | mhadley | Added resolution for CR23, finesse definition of anonymous URI |
2006-02-08 @ 07:05 | trogers | Changed Change Log limit from 20060101 to 20061201 |
2006-02-08 @ 05:57 | trogers | Added the resolution of CR19 - removed text stating all interactions based on one-way. |
2006-02-08 @ 05:39 | trogers | Added the resolution of CR16 - replaced omitted text for resolution of i020. |
2006-02-08 @ 01:40 | trogers | Added the resolution of CR10 - TAG request re URLs. |
2005-11-26 @ 08:30 | trogers | Implement the resolution of CR12: reference parameters are specified as unordered. |
2005-11-08 @ 06:10 | trogers | Implemented the resolution of CR5, adding a section describing sending a message to an EPR |
2005-11-07 @ 06:43 | mhadley | Fixed typo |
2005-10-17 @ 18:44 | mhadley | Added namesapce change policy |
2005-09-15 @ 19:42 | mhadley | Added new section for post CR changes |
Date | Editor | Description |
---|---|---|
2005-07-20 @ 19:04 | mhadley | Added ednote asking for feedback on removal of [source endpoint] and wsa:From |
2005-07-20 @ 18:21 | mhadley | Added resolution to issues lc55 and lc87 - reworked security section |
2005-07-19 @ 19:13 | mhadley | Added resolution to issue lc101, lc104 - clarified extensibility of abstract properties |
2005-07-19 @ 18:46 | mhadley | Added revised resolution to issue lc20 - clarified meaning of anonymous uri in SOAP |
2005-07-19 @ 18:28 | mhadley | Added revised resolution to issue lc68 - updated text warning designers of EPR extensions that default processing prevails when their extension is not understood |
2005-07-12 @ 18:46 | mhadley | Added resolution to issues lc69, lc108 - made wsa:ReplyTo default to anonymous, added new predefined address URI that designates no reply/fault |
2005-07-12 @ 15:57 | mhadley | Added resolution to issue 107 - assorted editorial fixes wrt alignment with WSDL terminology |
2005-07-11 @ 19:58 | mhadley | Added resolution to issue lc90 - clarified use of message id as uniqueness metric |
2005-06-21 @ 17:46 | mhadley | Added resolution to issues lc75 and lc88 - updated description of [message id] |
2005-06-20 @ 19:08 | mhadley | Added resolution to issue lc106 - updated pseudo schemas to match the notational conventions used by WSDL 2.0 |
2005-06-03 @ 20:33 | mhadley | Added resolutions to issues lc58, lc79, lc91, lc102 |
2005-06-02 @ 19:48 | mhadley | Added resolution to issue lc78 - reworked formulating reply message text related to [relationship] to make it clear that the reply relationsship is not added top the relationships specified in the message being replied to |
2005-06-02 @ 19:39 | mhadley | Added resolution to issue lc84 - removed redundant co-occurrence requirements and concentrated conformance requirements in section 3.3 |
2005-06-02 @ 18:47 | mhadley | Added resolution to issue lc89 - assorted editorial fixes |
2005-06-02 @ 18:15 | mhadley | Added resolution to issue lc37 - added DOS attack security considerations |
2005-06-02 @ 18:07 | mhadley | Added explanation of cardinality notation |
2005-05-25 @ 21:40 | mhadley | Added new section in changelog to account for previous draft publication |
2005-05-25 @ 20:25 | mhadley | Added resolution to issue lc39 - changed mandatory to 1..1 |
2005-05-25 @ 20:20 | mhadley | Added resolution to issue lc66 - made it clear that type often refers to the content of elements rather than the element as a whole which can often also include attributes |
2005-05-18 @ 19:49 | mhadley | Added lc81 resolution - remove mustUnderstand attributes from examples |
2005-05-18 @ 19:35 | mhadley | Added lc51 resolution - reordered property list to match order in core |
2005-05-18 @ 19:22 | mhadley | Added lc47 resolution - fixed URL in WSDL 2.0 biblio entry |
2005-05-18 @ 18:58 | mhadley | Added lc97 resolution - Endpoint Reference to endpoint reference |
2005-05-18 @ 18:56 | mhadley | Added lc95 resolution - added WSDL 1.1 citation to introduction |
2005-05-18 @ 18:51 | mhadley | Added lc94 resolution - changed element to Element Information Item |
2005-05-18 @ 18:48 | mhadley | Added lc93 resolution - added ref to soap binding document prior to soap example in introduction |
2005-05-18 @ 18:44 | mhadley | Added lc92 resolution - clarified document being referenced in introduction |
2005-05-18 @ 18:40 | mhadley | Added lc80 resolution - made abstract properties into a separate list |
2005-05-18 @ 18:34 | mhadley | Added lc74 resolution - added suggested security consideration |
2005-05-18 @ 18:24 | mhadley | Added lc63 resolution - editorial fixes to security section |
2005-05-18 @ 18:19 | mhadley | Added lc44 resolution - changed and to or in security section |
2005-05-18 @ 18:17 | mhadley | Added lc43 resolution - added ref to SOAP 1.1 |
2005-05-18 @ 18:12 | mhadley | Added lc42 resolution - reordered infoset representation to match order of abstract properties |
2005-05-18 @ 18:03 | mhadley | Added lc67 resolution - made namespace uri a link |
2005-05-18 @ 17:58 | mhadley | Added lc64 resolution - numerous editorial fixes |
2005-05-16 @ 20:28 | mgudgin | Fixed mismatched endtag in Section 3.1 |
2005-05-16 @ 20:16 | mgudgin | Fixed reference to RFC3987 to match format of other biblio entries |
2005-04-22 @ 18:26 | mhadley | Added resolution to lc22 - clarified ignore rule for extension attributes. |
2005-04-22 @ 18:24 | mhadley | Added resolution to lc21 - removed HTTP specific restriction on use of anonymous URI in [destination] for replies only. |
2005-04-22 @ 18:18 | mhadley | Added resolution to lc19 - clarified that [destination] value comparison is out of scope except for using simple string comparison to determine whether the anonymous destination is being used. |
2005-04-22 @ 18:12 | mhadley | Added resolution to lc18 - simplified description of wsa:To and wsa:Action elements |
2005-04-22 @ 18:04 | mhadley | Added resolution to lc17 - clarified that anonymous destination URI is not just for use in replies |
2005-04-22 @ 18:01 | mhadley | Added resolution to lc16 and lc54 - removed suggestion that required was required to use [destination] and [action] properties for dispatch |
2005-04-22 @ 17:55 | mhadley | Added resolution to lc15 - clarified cardinality of [relationship] properties using predefined reply URI |
2005-04-22 @ 17:50 | mhadley | Added resolution to lc14 - clarified reply IRI targetting |
2005-04-22 @ 17:41 | mhadley | Added resolution to lc13 - clarified wording in description of metadata |
2005-04-22 @ 17:38 | mhadley | Added resolution to lc12 - removed data encoding from description of reference parameters |
2005-04-22 @ 17:30 | mhadley | Added resolution to lc10 and lc11 - clarified types and opacity of reference parameters |
2005-04-22 @ 17:25 | mhadley | Added resolution to lc9 - changed IRI to absolute IRI where appropriate |
2005-04-22 @ 16:16 | mhadley | Added resolution to lc8 - changed IRI to URI where used to refer to IRIs in the specification that are actually URIs |
2005-04-22 @ 15:49 | mhadley | Added resolution to lc7 - fixed editorial nits |
2005-04-22 @ 15:32 | mhadley | Added resolution to lc3 - removed single extensibility point from infoset representation to avoid impression that other extenisibility points are not also valid |
2005-04-22 @ 15:06 | mhadley | Added resolution to lc2 - assorted editorial changes |
Date | Editor | Description |
---|---|---|
2005-03-30 @ 21:02 | plehegar | Removed some extra blanks Added the note from David Hull at http://lists.w3.org/Archives/Public/public-ws-addressing/2005Mar/0254.html per teleconference March 28, 2005 |
2005-03-21 @ 22:36 | mgudgin | Incorporated resolution of issue 50 into Section 3.2 |
2005-03-21 @ 22:06 | mgudgin | Updated with resolution to issue 54 |
2005-03-21 @ 20:47 | mgudgin | Removed parenthetical statement '(and opaquely)' from description of [action] property in Section 3 per resolution on 2005-03-21 telcon |
2005-03-21 @ 16:39 | mgudgin | s/that value/that the value in description of [action] property in Section 3 |
2005-03-21 @ 16:37 | mgudgin | Split paragraph 2 in Section 3 into two seperate paragraphs |
2005-03-10 @ 03:40 | mhadley | Incorporated additional editorial fixes from J. Marsh. |
2005-03-10 @ 03:16 | mhadley | Incorporated additional issue resolution text for issues 7 and 44 from H. Haas. |
2005-03-02 @ 21:18 | mhadley | Added resolution to issue 4 |
2005-03-02 @ 20:30 | mhadley | Added resolution to issue 7 |
2005-03-02 @ 19:36 | mhadley | Added resolution to issues 22 and 51/ |
2005-03-02 @ 14:07 | mhadley | Added issue 52 resolution. |
2005-02-28 @ 22:08 | mhadley | Added resolution to issues 24 and 26 |
2005-02-27 @ 21:42 | mhadley | Added issue 48 resolution |
2005-02-27 @ 19:42 | mhadley | Changed URI to IRI where appropriate. |
2005-02-23 @ 14:34 | mgudgin | Added new section 2.5: Endpoint Reference Extensibility per resolution of issue i042 |
2005-02-17 @ 16:16 | mhadley | Added resolution to issue 44 |
2005-02-15 @ 22:53 | mhadley | Added resolution to issue 46 |
Date | Editor | Description |
---|---|---|
2005-02-01 @ 19:49 | mhadley | Removed several occurances of the word 'identify' when used with endpoint references. Replaced with 'reference' or 'address' as appropriate. |
2005-01-23 @ 21:13 | mgudgin | Incorporated resolution of issue i014; edits to Section 2.3 |
2005-01-23 @ 20:52 | mgudgin | Incorporated resolution of issue i006; made wsa:To optional |
2005-01-23 @ 19:32 | mgudgin | Incorporated resolution of Issue i001 by removing Reference Properties |
2005-01-17 @ 02:13 | mgudgin | Incorporated Paco's proposal for resolving Issue 038 |
2005-01-16 @ 22:40 | mgudgin | s/PortType/InterfaceName in certain examples |
2004-12-17 @ 16:08 | mhadley | Improved readability of introduction |
2004-12-16 @ 18:20 | mhadley | Added resolution to issue 19 - WSDL version neutrality |
2004-12-16 @ 16:50 | mhadley | Added issue 33 resolution |
2004-12-14 @ 20:10 | mhadley | Switched back to edcopy formatting |
2004-12-14 @ 20:02 | mhadley | Enhanced auto-changelog generation to allow specification of data ranges for logs. Split change log to show changes between early draft and first working draft and changes since first working draft. |
2004-12-14 @ 18:13 | mhadley | Added resolutions for issues 12 (EPR lifecycle), 37 (relationship from QName to URI) and 39 (spec name versioning) |
Date | Editor | Description |
---|---|---|
2004-11-23 @ 21:38 | mhadley | Updated titles of examples. Fixed table formatting and references. Replaced uuid URIs with http URIs in examples. Added document status. |
2004-11-22 @ 15:40 | mhadley | Removed reference to WS-Policy |
2004-11-15 @ 19:43 | mhadley | Fixed some inter and intra spec references. |
2004-11-12 @ 21:19 | mgudgin | Removed TBD sections |
2004-11-11 @ 18:31 | mgudgin | Added some TBD sections |
2004-11-07 @ 02:03 | mhadley | Second more detailed run through to separate core, SOAP and WSDL document contents. Removed dependency on WS-Policy. Removed references to WS-Trust and WS-SecurityPolicy |
2004-11-02 @ 22:25 | mhadley | Removed static change log and added dynamically generated change log from cvs. |
2004-10-28 @ 17:05 | mhadley | Initial cut of separating specification into core, soap and wsdl |