W3C

2005-03-31 diff-marked version: Web Services Addressing 1.0 - SOAP Binding

W3C Working Draft 15 February 31 March 2005

This version:
<a href= "http://www.w3.org/TR/2005/WD-ws-addr-soap-20050215"> http://www.w3.org/TR/2005/WD-ws-addr-soap-20050215 http://www.w3.org/TR/2005/WD-ws-addr-soap-20050331
Latest version:
http://www.w3.org/TR/ws-addr-soap
Previous versions:
<a href= "http://www.w3.org/TR/2004/WD-ws-addr-soap-20041208"> http://www.w3.org/TR/2004/WD-ws-addr-soap-20041208 http://www.w3.org/TR/2005/WD-ws-addr-soap-20050215
Editors:
Martin Gudgin, Microsoft Corp
Marc Hadley, Sun Microsystems, Inc

This document is also available in these non-normative formats: postscript , PDF , XML , and  plain text .

Copyright  © 2005  W3C ® ( MIT , ERCIM , Keio ), All Rights Reserved. W3C liability , trademark and document use rules apply.

Abstract

Web Services Addressing provides transport-neutral mechanisms to address Web services and messages. Web Services Addressing 1.0 - SOAP Binding (this document) defines the binding of the abstract properties defined in Web Services Addressing 1.0 - Core to SOAP Messages.

Status of this Document

This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.

This is the second <a href= "http://www.w3.org/2004/02/Process-20040205/tr.html#q73"> Public Last Call Working Draft of the Web Services Addressing 1.0 - SOAP Binding specification for review by W3C members and other interested parties. It has been produced by the Web Services Addressing Working Group (WG), which is part of the W3C Web Services Activity .

This Working Draft reflects If the current position of feedback is positive, the Working Group. Group plans to submit this specification for consideration as a W3C Candidate Recommendation .Comments on this document are invited and are to be sent to the public public-ws-addressing-comments@w3.org mailing list ( public archive ). Comments can be sent until 11 May 2005 .

A diff-marked version against the previous version of this document is available. For a detailed list of changes since the last publication of this document, please refer to appendix <b> B. Change Log </b> . A <a href="http://www.w3.org/2002/ws/addr/wd-issues/"> list of remaining Issues about this document are documented in the Last Call issues list is also available. maintained by the Working Group.

Discussion of this document takes place on the public-ws-addressing@w3.org mailing list ( public archive ). deleted text: Comments on this specification should be sent to this mailing list.

This document was produced under the 5 February 2004 W3C Patent Policy . The Working Group maintains a public list of patent disclosures relevant to this document; that page also includes instructions for disclosing [and excluding] a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) with respect to this specification should disclose the information in accordance with section 6 of the W3C Patent Policy .

deleted text: Per <a href= "http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Exclusion"> section 4 of the W3C Patent Policy </a>, Working Group participants have 150 days from the title page date of this document to exclude essential claims from the W3C RF licensing requirements with respect to this document series. Exclusions are with respect to the exclusion reference document, defined by the W3C Patent Policy to be the latest version of a document in this series that is published no later than 90 days after the title page date of this document. </p> <p> Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

<b> Editorial note </b>  
The Web Services Addressing Working Group has decided to use XML Schema, where appropriate, to describe constructs defined in this specification. Note that this restricts use of Web Services Addressing to XML 1.0.

<a name="shortcontents" id="shortcontents"> Short Table of Contents

1. <a href="#tocRange"> Introduction deleted text:
2. <a href="#_Toc77464317"> Binding Endpoint References     1.1 Notational Conventions deleted text:
3. <a href="#_Toc77464328"> Faults     1.2 Namespaces deleted text:
4. <a href="#_Toc77464334"> Security Considerations 2. SOAP 1.2 Addressing 1.0 Feature deleted text:
5. <a href="#_Toc77464336"> References     2.1 Feature Name deleted text:
A. <a href="#acknowledgments"> Acknowledgements     2.2 Description deleted text: (Non-Normative)
B. <a href="#changelog"> Change Log     2.3 Properties deleted text: (Non-Normative)
</p> </div> <hr /> <div class="toc"> <h2> <a name="contents" id="contents"> Table of Contents     2.4 Interactions with Other SOAP Features </h2> <p class="toc"> 1. <a href="#tocRange"> Introduction
3. SOAP 1.2 Addressing 1.0 Module deleted text:
    1.1 <a href="#_Toc77464315"> Notational Conventions     3.1 Module Name deleted text:
    1.2 <a href= "#_Toc77464316"> Namespaces     3.2 Description deleted text:
2. <a href="#_Toc77464317">     3.3 Binding Endpoint References Message Addressing Properties deleted text:
3. <a href="#_Toc77464328"> 4. SOAP 1.1 Addressing 1.0 Extension
    4.1 Extension Name
    4.2 Description
5. Faults deleted text:
    3.1 <a href="#_Toc77464329">     5.1 Invalid Message Information Header Addressing Property deleted text:
    3.2 <a href="#_Toc77464330">     5.2 Message Information Header Addressing Property Required deleted text:
    3.3 <a href="#_Toc77464331">     5.3 Destination Unreachable deleted text:
    3.4 <a href="#_Toc55895108">     5.4 Action Not Supported deleted text:
    3.5 <a href="#_Toc77464333">     5.5 Endpoint Unavailable deleted text:
4. <a href="#_Toc77464334"> 6. Security Considerations deleted text:
5. <a href="#_Toc77464336">     6.1 Additional Considerations for SOAP Intermediaries
7. References deleted text:

Appendices

A. Acknowledgements (Non-Normative)
B. Change Log (Non-Normative)
    B.1 <a href="#id2272399"> Changes Since First Second Working Draft deleted text:
    B.2 <a href="#id2272412"> Changes Since First Working Draft
    B.3 Changes Since Submission deleted text:

<a name="tocRange" id="tocRange"> 1. Introduction

Web Services Addressing 1.0 - Core[ WS-Addressing-Core ] defines a set of abstract properties and an XML Infoset [ XML Information Set ] representation thereof to reference Web service endpoints and to facilitate end-to-end addressing of endpoints in messages. Web Services Addressing 1.0 - SOAP Binding (this document) defines the binding of the abstract properties defined in Web Services Addressing 1.0 - Core to SOAP Messages.

The following example illustrates the use of these mechanisms in a SOAP 1.2 message being sent from http://example.com/business/client1 to http://example.com/fabrikam/Purchasing:

<p style="text-align: left" class="exampleHead">

<i> Example 1-1. Use of message addressing properties in a SOAP 1.2 message. </i>

(001) <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope"      


                xmlns:wsa="http://www.w3.org/2005/02/addressing">



                xmlns:wsa="http://www.w3.org/2005/03/addressing">


(002)   <S:Header>
(003)    <wsa:MessageID>
(004)      http://example.com/6B29FC40-CA47-1067-B31D-00DD010662DA
(005)    </wsa:MessageID>
(006)    <wsa:ReplyTo>
(007)      <wsa:Address>http://example.com/business/client1</wsa:Address>
(008)    </wsa:ReplyTo>
(009)    <wsa:To>http://example.com/fabrikam/Purchasing</wsa:To>
(010)    <wsa:Action>http://example.com/fabrikam/SubmitPO</wsa:Action>
(011)   </S:Header>
(012)   <S:Body>
(013)     ...
(014)   </S:Body>
(015) </S:Envelope>

Lines (002) to (011) represent the header of the SOAP message where the mechanisms defined in the specification are used. The body is represented by lines (012) to (014).

Lines (003) to (010) contain the message information addressing properties serialized as SOAP header blocks. Specifically, lines (003) to (005) specify the identifier for this message and lines (006) to (008) specify the endpoint to which replies to this message should be sent as an Endpoint Reference. Line (009) specifies the address URI of the ultimate receiver of this message. Line (010) specifies an Action URI IRI identifying expected semantics.

<a name="_Toc77464315" id="_Toc77464315"> 1.1 Notational Conventions

The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [ IETF RFC 2119 ].

When describing abstract data models, this specification uses the notational convention used by XML Infoset [ XML Information Set ]. Specifically, abstract property names always appear in square brackets (e.g., [some property]).

When describing concrete XML schemas [ XML Schema Structures , XML Schema Datatypes ], this specification uses the notational convention of WS-Security [ WS-Security ]. Specifically, each member of an element's [children] or [attributes] property is described using an XPath-like notation (e.g., /x:MyHeader/x:SomeProperty/@value1). The use of {any} indicates the presence of an element wildcard (<xs:any/>). The use of @{any} indicates the presence of an attribute wildcard (<xs:anyAttribute/>).

<a name="_Toc77464316" id="_Toc77464316"> 1.2 Namespaces

This specification uses a number of namespace prefixes throughout; they are listed in Table 1-1 . Note that the choice of any namespace prefix is arbitrary and not semantically significant (see [ XML Namespaces ]).

Table 1-1. Prefixes and Namespaces used in this specification
Prefix Namespace
S http://www.w3.org/2003/05/soap-envelope
S11 http://schemas.xmlsoap.org/soap/envelope
wsa http://www.w3.org/2005/02/addressing http://www.w3.org/2005/03/addressing
wsaw http://www.w3.org/2005/03/addressing/wsdl
xs http://www.w3.org/2001/XMLSchema

WS-Addressing is defined in terms of the XML Information Set [ XML Information Set ]. WS-Addressing is conformant to the SOAP 1.2 [ SOAP 1.2 Part 1: Messaging Framework ] processing model and is also compatible with SOAP 1.1[ SOAP 1.1 ] for backwards compatibility. WS-Addressing may be used with WSDL [ WSDL 2.0 ] described services as described in Web Services Addressing 1.0 - WSDL Binding[ WS-Addressing-WSDL ]. The examples in this specification use an XML 1.0 [ XML 1.0 ] representation but this is not a requirement.

All information items defined by WS-Addressing this specification are identified by the XML namespace URI [ XML Namespaces ] "http://www.w3.org/2005/02/addressing". "http://www.w3.org/2005/03/addressing". A normative XML Schema [ XML Schema Structures , XML Schema Datatypes ] document can be obtained by dereferencing the XML namespace URI.

<a name="_Toc77464317" id="_Toc77464317"> 2. Binding Endpoint References SOAP 1.2 Addressing 1.0 Feature

This section defines the deleted text: binding of Endpoint references to SOAP messages. 1.2 Addressing 1.0 Feature.

2.1 Feature Name

The SOAP 1.2 Addressing 1.0 Feature is named using the following IRI:

  • When http://www.w3.org/2005/03/addressing/feature

2.2 Description

The SOAP 1.2 Addressing 1.0 Feature provides a SOAP-specific expression of the abstract message needs to addressing properties defined by Web Services Addressing 1.0 - Core[ WS-Addressing-Core ].

This feature may be addressed used with any SOAP MEP. A binding that supports this feature MUST provide a means to transmit the endpoint, properties listed above with a message and to reconstitute their values on receipt of a message.

2.3 Properties

The SOAP 1.2 Addressing 1.0 Feature defines the information contained in following properties:

http://www.w3.org/2005/03/addressing/feature/Destination

Corresponds to the endpoint reference is mapped abstract [destination] property.

http://www.w3.org/2005/03/addressing/feature/SourceEndpoint

Corresponds to the message according abstract [source endpoint] property.

http://www.w3.org/2005/03/addressing/feature/ReplyEndpoint

Corresponds to deleted text: a transformation that is dependent on the protocol and data representation used abstract [reply endpoint] property.

http://www.w3.org/2005/03/addressing/feature/FaultEndpoint

Corresponds to deleted text: send the message. Protocol-specific mappings (or bindings) will define how abstract [fault endpoint] property.

http://www.w3.org/2005/03/addressing/feature/MessageId

Corresponds to the information in abstract [message id] property.

http://www.w3.org/2005/03/addressing/feature/Relationship

Corresponds to the endpoint reference is copied abstract [relationship] property.

http://www.w3.org/2005/03/addressing/feature/ReferenceParameters

Corresponds to deleted text: message and protocol fields. This specification defines the abstract [reference parameters] property.

http://www.w3.org/2005/03/addressing/feature/Action

Corresponds to the abstract [action] property.

2.4 Interactions with Other SOAP binding for endpoint references. This mapping MAY be explicitly replaced by other bindings (defined as WSDL bindings or as policies); however, in Features

If the absence http://www.w3.org/2003/05/soap/features/action/Action property of an applicable policy stating that the SOAP Action feature SOAP 1.2 Part 2: Adjuncts has a different mapping must be used, value, then the value of the http://www.w3.org/2005/03/addressing/feature/Action property of the SOAP binding defined here is assumed 1.2 Addressing 1.0 feature MUST be identical to apply. it.

3. SOAP 1.2 Addressing 1.0 Module

The SOAP 1.2 Addressing 1.0 Module defines a set of SOAP header blocks to support the SOAP 1.2 Addressing 1.0 Feature described in 2. SOAP 1.2 Addressing 1.0 Feature . To ensure interoperability with a broad range of devices, all conformant implementations that include support for SOAP 1.2 MUST support the SOAP binding. 1.2 Addressing 1.0 Module.

3.1 Module Name

The SOAP binding for endpoint references 1.2 Addressing 1.0 Module is defined by identified using the following three rules: IRI:

  • http://www.w3.org/2005/03/addressing/module

3.2 Description

The [address] property in the endpoint reference is copied in SOAP 1.2 Addressing 1.0 Feature (see 2. SOAP 1.2 Addressing 1.0 Feature ) defines a set of SOAP properties and their correspondence to the [destination] abstract message information property. addressing properties defined by Web Services Addressing 1.0 - Core[ WS-Addressing-Core ]. The infoset SOAP 1.2 Addressing 1.0 Module uses the XML Infoset representation of the [destination] abstract message addressing properties defined in Web Services Addressing 1.0 - Core.

When sending a message each property becomes is represented using the appropriate element information item as a SOAP header block block. The resulting header blocks are targetted at the ultimate recipient in the SOAP message. message path (note that extensions to WS-Addressing could be written to specify different targetting). 3.3 Binding Message Addressing Properties describes additional processing required when binding message addressing properties to SOAP header blocks.

deleted text: </li> <li>

Each [reference parameter] When receiving a message, the abstract properties are populated from their corresponding element becomes information items in the message. Note that the message addressing properties gathered by an intermediary when receiving a SOAP message do not necessarily get replayed as MAPs when resending the message along the message path.

3.3 Binding Message Addressing Properties

When a message is be addressed to an endpoint, the values of the SOAP 1.2 Addressing 1.0 Feature properties are mapped to the message as SOAP header block in blocks with the following additional modifications:

  • The value of the http://www.w3.org/2005/03/addressing/feature/ReferenceParameters property is added to the SOAP message. message header. The element information item of each [reference parameter] (including all of its [children], [attributes] and [in-scope namespaces]) is deleted text: to be added as a SOAP header block in the new message.

  • Each header block added as a result of the above rule is annotated with a wsa:Type wsa:isReferenceParameter attribute whose value is "parameter". "true".

  • Each property that is of type IRI MUST be serialized as an absolute IRI in the SOAP message.

The next following example shows how the deleted text: default SOAP binding for endpoint references 1.2 Addressing 1.0 Module is used to construct a message addressed to the endpoint:

<p style="text-align: left" class="exampleHead">

<i> Example 2-1. 3-1. Example endpoint reference. </i>

<wsa:EndpointReference


     xmlns:wsa="http://www.w3.org/2005/02/addressing"



     xmlns:wsa="http://www.w3.org/2005/03/addressing"


     xmlns:fabrikam="http://example.com/fabrikam"
     xmlns:wsdli="http://www.w3.org/2004/08/wsdl-instance"
     wsdli:wsdlLocation="http://example.com/fabrikam
       http://example.com/fabrikam/fabrikam.wsdl">
   <wsa:Address>http://example.com/fabrikam/acct</wsa:Address>


   <wsa:InterfaceName>fabrikam:Inventory</wsa:InterfaceName>




   <wsa:Metadata>
       <wsaw:InterfaceName>fabrikam:Inventory</wsaw:InterfaceName>
   <wsa:Metadata>


   <wsa:ReferenceParameters>
       <fabrikam:CustomerKey>123456789</fabrikam:CustomerKey>
       <fabrikam:ShoppingCart>ABCDEFG</fabrikam:ShoppingCart>
   </wsa:ReferenceParameters>
</wsa:EndpointReference>

According to the mapping rules stated above, the The address value is copied in the "To" header block and the "CustomerKey" and "ShoppingCart" elements should be are copied literally as a header blocks in a SOAP message addressed to this endpoint. The resulting SOAP message would look as follows:

<p style="text-align: left" class="exampleHead">

<i> Example 2-2. 3-2. Example endpoint reference mapped to SOAP message header blocks. </i>

<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope"


         xmlns:wsa="http://www.w3.org/2005/02/addressing"



         xmlns:wsa="http://www.w3.org/2005/03/addressing"


         xmlns:fabrikam="http://example.com/fabrikam">
   <S:Header>
     ...
    <wsa:To>http://example.com/fabrikam/acct</wsa:To>


    <fabrikam:CustomerKey wsa:Type='parameter'>123456789</fabrikam:CustomerKey>
    <fabrikam:ShoppingCart wsa:Type='parameter'>ABCDEFG</fabrikam:ShoppingCart>



    <wsa:Action>...</wsa:Action>
    <fabrikam:CustomerKey wsa:isReferenceParameter='true'>123456789</fabrikam:CustomerKey>
    <fabrikam:ShoppingCart wsa:isReferenceParameter='true'>ABCDEFG</fabrikam:ShoppingCart>


     ...
   </S:Header>
   <S:Body>
     ...
   </S:Body>
</S:Envelope>

<a name="_Toc77464328" id="_Toc77464328"> 4. SOAP 1.1 Addressing 1.0 Extension

The SOAP 1.1 Addressing 1.0 Extension defines a set of SOAP header blocks to support the SOAP 1.2 Addressing 1.0 Feature described in 2. SOAP 1.2 Addressing 1.0 Feature .To ensure interoperability with a broad range of devices, all conformant implementations that include support for SOAP 1.1 MUST support the SOAP 1.1 Addressing 1.0 Extension. This SOAP 1.1 extension is provided for backwards compatibility only.

4.1 Extension Name

The SOAP 1.1 Addressing 1.0 Extension is identified using the following IRI:

  • http://www.w3.org/2005/03/addressing/module

4.2 Description

The SOAP 1.2 Addressing 1.0 Feature (see 2. SOAP 1.2 Addressing 1.0 Feature ) defines a set of SOAP properties and their correspondence to the abstract message addressing properties defined by Web Services Addressing 1.0 - Core[ WS-Addressing-Core ]. The SOAP 1.1 Addressing 1.0 Extension uses the XML Infoset representation of the abstract message addressing properties defined in Web Services Addressing 1.0 - Core and binds each element information item to a SOAP header block. The SOAP 1.1 Addressing 1.0 Extension operates as described in 3. SOAP 1.2 Addressing 1.0 Module with the following exceptions:

SOAP Action

Use of the SOAPAction HTTP header is required when using the SOAP 1.1 HTTP binding. The value of the SOAPAction HTTP header SHOULD be identical to the value of the http://www.w3.org/2005/03/addressing/feature/Action property of the Web Services Addressing 1.0 feature.

5. Faults

The faults defined in this section are generated if the condition stated in the preamble in each subsection is met.

Endpoints compliant with this specification MUST include the required message information addressing properties serialized as SOAP headers on in all fault messages. Fault messages are correlated as replies using the [relationship] property as defined in Section 3. The [action] property below designates WS-Addressing fault messages:



http://www.w3.org/2005/02/addressing/fault



http://www.w3.org/2005/03/addressing/fault

The definitions of faults use the following properties:

[Code] The fault code.

[Subcode] The fault subcode.

[Reason] The English language reason element.

[Detail] The detail element. If absent, no detail element is defined for the fault.

The properties above bind to a SOAP 1.2 fault as follows:

<p style="text-align: left" class="exampleHead">

<i> Example 3-1. 5-1. Binding of fault properties to SOAP 1.2 messages. </i>

<S:Envelope>
 <S:Header>
   <wsa:Action>


     http://www.w3.org/2005/02/addressing/fault



     http://www.w3.org/2005/03/addressing/fault


   </wsa:Action>
   <!-- Headers elided for clarity.  -->
 </S:Header>
 <S:Body>
  <S:Fault>
   <S:Code>
    <S:Value>[Code]</S:Value>
     <S:Subcode>
    <S:Value>[Subcode]</S:Value>
     </S:Subcode>
   </S:Code>
   <S:Reason>
     <S:Text xml:lang="en">[Reason]</S:Text>
   </S:Reason>
   <S:Detail>
     [Detail]
  </S:Detail>   
  </S:Fault>
 </S:Body>
</S:Envelope>

The SOAP 1.1 fault is less expressive and map only [Subcode] and [Reason]. These the properties bind to a SOAP 1.1 fault as follows:

<p style="text-align: left" class="exampleHead">

<i> Example 3-2. 5-2. Binding of fault properties to SOAP 1.1 messages. </i>

<S11:Envelope>
 <S11:Body>
  <S11:Fault>
   <faultcode>[Subcode]</faultcode>
   <faultstring xml:lang="en">[Reason]</faultstring>
  </S11:Fault>
 </S11:Body>
</S11:Envelope>

<a name="_Toc77464329" id="_Toc77464329"> 3.1 5.1 Invalid Message Information Header Addressing Property

A message information header property cannot be processed.

[Code] S:Sender

[Subcode] wsa:InvalidMessageInformationHeader wsa:InvalidMessageAddressingProperty

[Reason] A message information header addressing property is not valid and the message cannot be processed. The validity failure can be either structural or semantic, e.g. a [destination] that is not a URI an IRI or a [relationship] to a [message id] that was never issued.

[Detail] [invalid header] property]

<a name="_Toc77464330" id="_Toc77464330"> 3.2 5.2 Message Information Header Addressing Property Required

A required message information header addressing property is absent.

[Code] S:Sender

[Subcode] wsa:MessageInformationHeaderRequired wsa:MessageAddressingPropertyRequired

[Reason] A required message information header, To, MessageID, or Action, addressing property is not present.

[Detail] [Missing Header Property QName]

<a name="_Toc77464331" id="_Toc77464331"> 3.3 5.3 Destination Unreachable

No endpoint can be found capable of acting in the role of the [destination] property.

[Code] S:Sender

[Subcode] wsa:DestinationUnreachable

[Reason] No route can be determined to reach the destination role defined by the WS-Addressing To. [destination].

[Detail] empty

<a name="_Toc55895108" id="_Toc55895108"> 3.4 5.4 Action Not Supported

The [action] property in the message is not supported at this endpoint.

The contents of this fault are as follows:

[Code] S:Sender

[Subcode] wsa:ActionNotSupported

[Reason] The [action] cannot be processed at the receiver.

[Detail] [action]

<a name="_Toc77464333" id="_Toc77464333"> 3.5 5.5 Endpoint Unavailable

The endpoint is unable to process the message at this time either due to some transient issue or a permanent failure.

The endpoint may optionally include a RetryAfter parameter in the detail. The source should not retransmit the message until this duration has passed.

[Code] S:Receiver

[Subcode] wsa:EndpointUnavailable

[Reason] The endpoint is unable to process the message at this time.

[Detail] <wsa:RetryAfter ...>[xs:NonNegativeInteger]</wsa:RetryAfter>

The following describes the attributes and elements listed above:

/wsa:RetryAfter

This element (of type xs:NonNegativeInteger) xs:nonNegativeInteger) is a suggested minimum duration in milliseconds to wait before retransmitting the message. If this element is omitted from the detail, the value is infinite.

Editorial note: M Hadley  
The WG seeks feedback on the choice of nonNegativeInteger for this element. Other types considered included unsignedLong, unsignedInt and duration.
/wsa:RetryAfter/@{any}

These optional Optional extensibility attributes that do not affect processing.

<a name="_Toc77464334" id="_Toc77464334"> 4. 6. Security Considerations

It is strongly recommended that WS-Addressing message addressing properties serialized as SOAP headers (wsa:To, wsa:Action et al.) including those headers present as a result of the communication between services [reference parameters] property SHOULD be secured using the mechanisms described integrity protected as explained in WS-Security [ Web Services Addressing 1.0 - Core[ <a href="#WS-Security"> WS-Security WS-Addressing-Core ]. deleted text: In order to properly secure messages, the body and all relevant headers need to be included in the signature. Specifically, the message information headers described in this specification (e.g. <wsa:To>) need to be signed with the body in order to "bind" the two together. It should be noted that for messages traveling through intermediaries, it is possible that some or all of the message information headers may have multiple signatures when the message arrives at the ultimate receiver. It is strongly recommended that the initial sender include a signature to prevent any spoofing by intermediaries.

Whenever an address is specified (e.g. <wsa:From>, <wsa:ReplyTo>, <wsa:FaultTo>, ...), the processor should ensure that When receiving a signature is provided with claims allowing it to speak for the specified target in order to prevent certain classes of attacks (e.g. redirects). As well, care should be taken if the specified endpoint contains reference parameters as unverified endpoint references could cause SOAP message, certain classes of header insertion attacks. </p> <p> The message information SOAP headers deleted text: blocks may have their contents encrypted in order to obtain end-to-end privacy, but care should be taken to ensure that intermediary processors have access to required information (e.g. <wsa:To>). </p> <p> Some processors may use message identifiers (<wsa:MessageID>) as part of a uniqueness metric in order to detect replays of messages. Care should be taken to ensure that a unique identifier is actually used. For example, it may be appropriate in some scenarios to combine resulting from the message identifier with a timestamp. </p> <p> The following list summarizes common classes serialization of attacks that apply to this protocol an EPR's [reference parameters] property. The SOAP message receiver MAY perform additional security and identifies the mechanism sanity checks to prevent/mitigate the attacks: </p> <ul> <li> <p> Message alteration – Alteration is prevented by including signatures of the message information using WS-Security. </p> </li> </ul> <ul> <li> <p> Message disclosure – Confidentiality is preserved by encrypting sensitive data using WS-Security. prevent unintended actions.

</li> </ul> <ul> <li> <p> Address spoofing – Address spoofing is prevented by ensuring that all address are signed by a party authorized to speak

6.1 Additional Considerations for (or on behalf of) the address. </p> </li> </ul> <ul> <li> <p> Key integrity – Key integrity is maintained by using the strongest algorithms possible (by comparing secured policies. </p> </li> </ul> <ul> <li> <p> Authentication – Authentication may be established using the mechanisms described in WS-Security. </p> </li> </ul> <ul> <li> SOAP Intermediaries

Accountability – Accountability is a function of To avoid breaking signatures, intermediaries MUST NOT change the type of and strength XML representation of the key WS-Addressing headers. Specifically, intermediaries MUST NOT remove XML content that explicitly indicates otherwise-implied content, and algorithms being used. In many cases, a strong symmetric key provides sufficient accountability. However, in some environments, strong PKI signatures are required. </p> </li> </ul> <ul> <li> <p> Availability – All reliable messaging services are subject intermediaries MUST NOT insert XML content to make implied values explicit. For instance, if a variety of availability attacks. Replay detection RelationshipType attribute is present with a common attack and it is recommended that this be addressed by the mechanisms described in WS-Security and/or caching of message identifiers. Other attacks, such as network-level denial of service attacks are harder to avoid and are outside the scope value of this specification. That said, care should be taken to ensure that minimal state "http://www.w3.org/2005/03/addressing/reply", an intermediary MUST NOT remove it; similarly, if there is saved prior to any authenticating sequences. </p> </li> </ul> <ul> <li> <p> Replay – Messages may be replayed for a variety of reasons. To detect and eliminate this attack, mechanisms should be used to identify replayed messages such as the timestamp/nonce outlined in WS-Security. Alternatively, and optionally, other technologies, such as sequencing, can also be used to prevent replay of application messages. no RelationshipType attribute, an intermediary MUST NOT add one.

</li> </ul>

<a name="_Toc77464336" id="_Toc77464336"> 5. 7. References

[WS-Addressing-Core]
<a href= "http://www.w3.org/TR/2005/WD-ws-addr-core-20050215"> Web Services Addressing 1.0 - Core , M. Gudgin, M. Hadley, Editors.
[WS-Addressing-WSDL]
Web Services Addressing 1.0 - WSDL Binding , M. Gudgin, M. Hadley, Editors.
[WSDL 2.0]
Web Services Description Language 2.0 , R. Chinnici, M. Gudgin, J. J. Moreau, J. Schlimmer, S. Weerawarana, Editors. World Wide Web Consortium, 3 August 2004. This version of the WSDL 2.0 specification is http://www.w3.org/TR/2004/WD-wsdl20-20040803. The latest version of WSDL 2.0 is available at http://www.w3.org/TR/wsdl20.
[IETF RFC 2119]
Key words for use in RFCs to Indicate Requirement Levels , S. Bradner, Author. Internet Engineering Task Force, June 1999. Available at http://www.ietf.org/rfc/rfc2119.txt.
<a name="RFC2396" id="RFC2396"> [RFC 3986] 3987]
T. Berners-Lee, et al, "Uniform M. Duerst, M. Suignard, "Internationalized Resource Identifier (URI): Generic Syntax,", W3C/MIT, Identifiers (IRIs)", January 2005. (See <a href= "http://www.ietf.org/rfc/rfc3986.txt"> http://www.ietf.org/rfc/rfc3986.txt http://www.ietf.org/rfc/rfc3987.txt .)
[XML 1.0]
<a href= "http://www.w3.org/TR/2000/REC-xml-20001006"> Extensible Markup Language (XML) 1.0 (Second (Third Edition) , T. Bray, J. Paoli, C. M. Sperberg-McQueen, and E. Maler, Editors. World Wide Web Consortium, 10 4 February 1998, revised 6 October 2000. 2004. This version of the XML 1.0 Recommendation is http://www.w3.org/TR/2000/REC-xml-20001006. http://www.w3.org/TR/2004/REC-xml-20040204. The <a href= "http://www.w3.org/TR/REC-xml"> latest version of XML 1.0 is available at http://www.w3.org/TR/REC-xml.
[XML Namespaces]
Namespaces in XML , T. Bray, D. Hollander, and A. Layman, Editors. World Wide Web Consortium, 14 January 1999. This version of the XML Information Set Recommendation is http://www.w3.org/TR/1999/REC-xml-names-19990114. The latest version of Namespaces in XML is available at http://www.w3.org/TR/REC-xml-names.
[XML Information Set]
XML Information Set , J. Cowan and R. Tobin, Editors. World Wide Web Consortium, 24 October 2001. This version of the XML Information Set Recommendation is http://www.w3.org/TR/2001/REC-xml-infoset-20011024. The latest version of XML Information Set is available at http://www.w3.org/TR/xml-infoset.
[XML Schema Structures]
<a href= "http://www.w3.org/TR/2001/REC-xmlschema-1-20010502/"> XML Schema Part 1: Structures Second Edition , H. Thompson, D. Beech, M. Maloney, and N. Mendelsohn, Editors. World Wide Web Consortium, 2 May 2001. 28 October 2004. This version of the XML Schema Part 1 Recommendation is http://www.w3.org/TR/2001/REC-xmlschema-1-20010502. http://www.w3.org/TR/2004/REC-xmlschema-1-20041028. The latest version of XML Schema Part 1 is available at http://www.w3.org/TR/xmlschema-1.
[XML Schema Datatypes]
<a href= "http://www.w3.org/TR/2001/REC-xmlschema-2-20010502/"> XML Schema Part 2: Datatypes Second Edition , P. Byron and A. Malhotra, Editors. World Wide Web Consortium, 2 May 2001. 28 October 2004. This version of the XML Schema Part 2 Recommendation is http://www.w3.org/TR/2001/REC-xmlschema-2-20010502. http://www.w3.org/TR/2004/REC-xmlschema-2-20041028. The latest version of XML Schema Part 2 is available at http://www.w3.org/TR/xmlschema-2.
[SOAP 1.2 Part 1: Messaging Framework]
SOAP Version 1.2 Part 1: Messaging Framework , M. Gudgin, M. Hadley, N. Mendelsohn, J-J. Moreau, H. Frystyk Nielsen, Editors. World Wide Web Consortium, 24 June 2003. This version of the "SOAP Version 1.2 Part 1: Messaging Framework" Recommendation is http://www.w3.org/TR/2003/REC-soap12-part1-20030624/. The latest version of "SOAP Version 1.2 Part 1: Messaging Framework" is available at http://www.w3.org/TR/soap12-part1/.
<a name="WSDL11" id="WSDL11"> [WSDL 1.1] [SOAP 1.2 Part 2: Adjuncts]
E. Christensen, et al, <a href= "http://www.w3.org/TR/2001/NOTE-wsdl-20010315"> Web Services Description Language (WSDL) 1.1 SOAP Version 1.2 Part 2: Adjuncts , March 2001. M. Gudgin, M. Hadley, N. Mendelsohn, J-J. Moreau, H. Frystyk Nielsen, Editors. World Wide Web Consortium, 24 June 2003. This version of the "SOAP Version 1.2 Part 2: Adjuncts" Recommendation is http://www.w3.org/TR/2003/REC-soap12-part2-20030624/. The latest version of "SOAP Version 1.2 Part 2: Adjuncts" is available at http://www.w3.org/TR/soap12-part2/.
[SOAP 1.1]
Don Box, et al, Simple Object Access Protocol (SOAP) 1.1 , May 2000.
[WS-Security]
OASIS, Web Services Security: SOAP Message Security , March 2004.

A. Acknowledgements (Non-Normative)

This document is the work of the W3C Web Service Addressing Working Group .

Members of the Working Group are (at the time of writing, and by alphabetical order): Abbie Barbir (Nortel Networks), Rebecca Bergersen (IONA Technologies, Inc.), Andreas Bjärlestam (ERICSSON), Ugo Corda (SeeBeyond Technology Corporation), Francisco Curbera (IBM Corporation), Glen Daniels (Sonic Software), Paul Downey (BT), Jacques Durand (Fujitsu Limited), Michael Eder (Nokia), Robert Freund (Hitachi, Ltd.), Yaron Goland (BEA Systems, Inc.), Martin Gudgin (Microsoft Corporation), Arun Gupta (Sun Microsystems, Inc.), Hugo Haas (W3C/ERCIM), Marc Hadley (Sun Microsystems, Inc.), David Hull (TIBCO Software, Inc.), Yin-Leng Husband (HP), Anish Karmarkar (Oracle Corporation), Paul Knight (Nortel Networks), Philippe Le Hégaret (W3C/MIT), Mark Little (Arjuna Technologies Ltd.), Jonathan Marsh (Microsoft Corporation), Jeff Mischkinsky (Oracle Corporation), Nilo Mitra (ERICSSON), Eisaku Nishiyama (Hitachi, Ltd.), Mark Nottingham (BEA Systems, Inc.), Ales Novy (Systinet Inc.), David Orchard (BEA Systems, Inc.), Mark Peel (Novell, Inc.), deleted text: Harris Reynolds (webMethods, Inc.), Tony Rogers (Computer Associates), Tom Rutt (Fujitsu Limited), Rich Salz (DataPower Technology, Inc.), Davanum Srinivas (Computer Associates), Jiri Tejkl (Systinet Inc.), Greg Truty (IBM Corporation), Steve Vinoski (IONA Technologies, Inc.), Pete Wenzel (SeeBeyond Technology Corporation), Steve Winkler (SAP AG), Ümit Yalçınalp (SAP AG). AG), Prasad Yendluri (webMethods, Inc.).

Previous members of the Working Group were: @@@. Lisa Bahler (SAIC - Telcordia Technologies), Marc Goodner (SAP AG), Harris Reynolds (webMethods, Inc.).

The people who have contributed to discussions on public-ws-addressing@w3.org are also gratefully acknowledged.

B. Change Log (Non-Normative)

<a name="id2272399" id="id2272399"> B.1 Changes Since Second Working Draft

Date Editor Description
2005-03-21 @ 23:15 mgudgin Added sentence about SOAP 1.1 to section 4
2005-03-18 @ 23:21 mgudgin s/Addresssing/Addressing
2005-03-10 @ 03:40 mhadley Incorporated additional editorial fixes from J. Marsh.
2005-03-10 @ 03:16 mhadley Incorporated additional issue resolution text for issues 7 and 44 from H. Haas.
2005-03-10 @ 02:06 mhadley Incorporated editorial fixes from J. Marsh.
2005-03-09 @ 07:11 mhadley Fixed example that didn't reflect the chnage from wsa:Type to wsa:isReferenceParameter
2005-03-08 @ 20:50 mhadley Added resolution to issue 53 (schema tweaks)
2005-03-02 @ 21:18 mhadley Added resolution to issue 4
2005-03-02 @ 20:30 mhadley Added resolution to issue 7
2005-03-02 @ 19:36 mhadley Added resolution to issues 22 and 51/
2005-02-28 @ 22:08 mhadley Added resolution to issues 24 and 26
2005-02-27 @ 19:42 mhadley Changed URI to IRI where appropriate.
2005-02-17 @ 15:37 mhadley Added issue 47 resolution
2005-02-15 @ 22:06 mhadley Fixed some references to message information headers to message information properties

B.2 Changes Since First Working Draft

Date Editor Description
2005-02-01 @ 19:49 mhadley Removed several occurances of the word 'identify' when used with endpoint references. Replaced with 'reference' or 'address' as appropriate.
2005-01-24 @ 20:22 mgudgin Removed spurious reference to section 3.3.2 from Section 3
2005-01-23 @ 21:11 mgudgin Incorporated resolution of issue i008; added wsa:Type attribute to reference parameters
2005-01-20 @ 13:10 mgudgin Removed text from first paragraph of section 3 per resolution of issue i040
2005-01-16 @ 22:41 mgudgin s/PortType/InterfaceName in certain examples
2004-12-16 @ 18:20 mhadley Added resolution to issue 19 - WSDL version neutrality
2004-12-16 @ 16:50 mhadley Added issue 33 resolution
2004-12-14 @ 20:10 mhadley Switched back to edcopy formatting
2004-12-14 @ 20:02 mhadley Enhanced auto-changelog generation to allow specification of data ranges for logs. Split change log to show changes between early draft and first working draft and changes since first working draft.
2004-12-14 @ 18:13 mhadley Added resolutions for issues 12 (EPR lifecycle), 37 (relationship from QName to URI) and 39 (spec name versioning)

<a name="id2272412" id="id2272412"> B.2 B.3 Changes Since Submission

Date Editor Description
2004-11-24 @ 15:32 mhadley Added note that addressing is backwards compatible with SOAP 1.1
2004-11-23 @ 21:38 mhadley Updated titles of examples. Fixed table formatting and references. Replaced uuid URIs with http URIs in examples. Added document status.
2004-11-07 @ 02:03 mhadley Second more detailed run through to separate core, SOAP and WSDL document contents. Removed dependency on WS-Policy. Removed references to WS-Trust and WS-SecurityPolicy
2004-11-02 @ 22:25 mhadley Removed static change log and added dynamically generated change log from cvs.
2004-10-28 @ 17:05 mhadley Initial cut of separating specification into core, soap and wsdl