Abstract
This document defines the WS-I Basic Profile 1.2, consisting
of a set of non-proprietary Web services specifications, along with clarifications,
refinements, interpretations and amplifications of those specifications which promote
interoperability
Status of this Document
This document is a Working
Group Approval Draft; it is an intermediate document that has
been approved for publication by the Working Group. It is a
work in progress, and should not be considered as final; other
documents may supersede this document.
Notice
The material contained herein is not a license, either expressly or
impliedly, to any intellectual property owned or controlled by any of
the authors or developers of this material or WS-I. The material
contained herein is provided on an "AS IS" basis and to the maximum
extent permitted by applicable law, this material is provided AS IS
AND WITH ALL FAULTS, and the authors and developers of this material
and WS-I hereby disclaim all other warranties and conditions, either
express, implied or statutory, including, but not limited to, any (if
any) implied warranties, duties or conditions of merchantability, of
fitness for a particular purpose, of accuracy or completeness of
responses, of results, of workmanlike effort, of lack of viruses, and
of lack of negligence. ALSO, THERE IS NO WARRANTY OR CONDITION OF
TITLE, QUIET ENJOYMENT, QUIET POSSESSION, CORRESPONDENCE TO
DESCRIPTION OR NON-INFRINGEMENT WITH REGARD TO THIS MATERIAL.
IN NO EVENT WILL ANY AUTHOR OR DEVELOPER OF THIS MATERIAL OR WS-I
BE LIABLE TO ANY OTHER PARTY FOR THE COST OF PROCURING SUBSTITUTE
GOODS OR SERVICES, LOST PROFITS, LOSS OF USE, LOSS OF DATA, OR ANY
INCIDENTAL, CONSEQUENTIAL, DIRECT, INDIRECT, OR SPECIAL DAMAGES
WHETHER UNDER CONTRACT, TORT, WARRANTY, OR OTHERWISE, ARISING IN ANY
WAY OUT OF THIS OR ANY OTHER AGREEMENT RELATING TO THIS MATERIAL,
WHETHER OR NOT SUCH PARTY HAD ADVANCE NOTICE OF THE POSSIBILITY OF
SUCH DAMAGES.
Feedback
The Web Services-Interoperability Organization (WS-I)
would like to receive input, suggestions and other
feedback ("Feedback") on this work from a wide variety of
industry participants to improve its quality over time.
By sending email, or otherwise communicating with WS-I, you (on
behalf of yourself if you are an individual, and your company if
you are providing Feedback on behalf of the company) will be
deemed to have granted to WS-I, the members of WS-I, and other
parties that have access to your Feedback, a non-exclusive,
non-transferable, worldwide, perpetual, irrevocable, royalty-free
license to use, disclose, copy, license, modify, sublicense or
otherwise distribute and exploit in any manner whatsoever the
Feedback you provide regarding the work. You acknowledge that you
have no expectation of confidentiality with respect to any
Feedback you provide. You represent and warrant that you have
rights to provide this Feedback, and if you are providing Feedback
on behalf of a company, you represent and warrant that you have
the rights to provide Feedback on behalf of your company. You also
acknowledge that WS-I is not required to review, discuss, use,
consider or in any way incorporate your Feedback into future
versions of its work. If WS-I does incorporate some or all of your
Feedback in a future version of the work, it may, but is not
obligated to include your name (or, if you are identified as
acting on behalf of your company, the name of your company) on a
list of contributors to the work. If the foregoing is not
acceptable to you and any company on whose behalf you are acting,
please do not provide any Feedback.
Feedback on this document should be directed to wsbasic_comment@ws-i.org.
Table of Contents
1. Introduction
1.1. Relationships to Other Profiles
1.2. Guiding Principles
1.3. Compatibility with Basic Profile 1.1
1.4. Notational Conventions
1.5. Profile Identification and Versioning
2. Profile Conformance
2.1. Conformance Requirements
2.2. Conformance Targets
2.3. Conformance Scope
2.4. Claiming Conformance
3. Messaging
3.1. Message Serialization
3.1.1. XML Envelope Serialization
3.1.2. Unicode BOMs
3.1.3. XML Declarations
3.1.4. Character Encodings
3.1.5. XOP Encoded Messages
3.2. SOAP Envelopes
3.2.1. SOAP Envelope Structure
3.2.2. SOAP Envelope Namespace
3.2.3. SOAP Body Namespace Qualification
3.2.4. Disallowed Constructs
3.2.5. SOAP Trailers
3.2.6. SOAP encodingStyle Attribute
3.2.7. SOAP mustUnderstand Attribute
3.2.8. xsi:type Attributes
3.2.9. SOAP1.1 attributes on SOAP1.1 elements
3.3. SOAP Processing Model
3.3.1. Mandatory Headers
3.3.2. Generating mustUnderstand Faults
3.3.3. SOAP Fault Processing
3.4. SOAP Faults
3.4.1. Identifying SOAP Faults
3.4.2. SOAP Fault Structure
3.4.3. SOAP Fault Namespace Qualification
3.4.4. SOAP Fault Extensibility
3.4.5. SOAP Fault Language
3.4.6. SOAP Custom Fault Codes
3.4.7. SOAP Defined Faults Action URI
3.4.8. SOAP MustUnderstand or VersionMismatch fault Transmission
3.5. Use of WS-Addressing MAPs
3.5.1. Use of wsa:Action and WS-Addressing 1.0 Metadata
3.5.2. Understanding WS-Addressing SOAP Header Blocks
3.5.3. Valid Range of Values for SOAPAction When WS-Addressing is Used
3.6. Use of SOAP in HTTP
3.6.1. HTTP Protocol Binding
3.6.2. HTTP Methods and Extensions
3.6.3. SOAPAction HTTP Header
3.6.4. HTTP Success Status Codes
3.6.5. HTTP Redirect Status Codes
3.6.6. HTTP Client Error Status Codes
3.6.7. HTTP Server Error Status Codes
3.6.8. HTTP Cookies
3.6.9. Use of Non-Anoymous Reponse EPR in a Request-Response Operation
4. Service Description
4.1. Required Description
4.2. Document Structure
4.2.1. WSDL Schema Definitions
4.2.2. WSDL and Schema Import
4.2.3. WSDL Import location Attribute Structure
4.2.4. WSDL Import location Attribute Semantics
4.2.5. Placement of WSDL import Elements
4.2.6. XML Version Requirements
4.2.7. XML Namespace Declarations
4.2.8. WSDL and the Unicode BOM
4.2.9. Acceptable WSDL Character Encodings
4.2.10. Namespace Coercion
4.2.11. WSDL documentation Element
4.2.12. WSDL Extensions
4.3. Types
4.3.1. QName References
4.3.2. Schema targetNamespace Structure
4.3.3. soapenc:Array
4.3.4. WSDL and Schema Definition Target Namespaces
4.3.5. Multiple GED Definitions with the same QName
4.3.6. Multiple Type Definitions with the same QName
4.4. Messages
4.4.1. Bindings and Parts
4.4.2. Bindings and Faults
4.4.3. Unbound portType Element Contents
4.4.4. Declaration of part Elements
4.5. Port Types
4.5.1. Ordering of part Elements
4.5.2. Allowed Operations
4.5.3. Distinctive Operations
4.5.4. parameterOrder Attribute Construction
4.5.5. Exclusivity of type and element Attributes
4.6. Bindings
4.6.1. Use of SOAP Binding
4.7. SOAP Binding
4.7.1. Specifying the transport Attribute
4.7.2. HTTP Transport
4.7.3. Consistency of style Attribute
4.7.4. Encodings and the use Attribute
4.7.5. Multiple Bindings for portType Elements
4.7.6. Operation Signatures
4.7.7. Multiple Ports on an Endpoint
4.7.8. Child Element for Document-Literal Bindings
4.7.9. One-Way Operations
4.7.10. Namespaces for soapbind Elements
4.7.11. Consistency of portType and binding Elements
4.7.12. Describing headerfault Elements
4.7.13. Enumeration of Faults
4.7.14. Type and Name of SOAP Binding Elements
4.7.15. name Attribute on Faults
4.7.16. Omission of the use Attribute
4.7.17. Default for use Attribute
4.7.18. Consistency of Envelopes with Descriptions
4.7.19. Response Wrappers
4.7.20. Part Accessors
4.7.21. Namespaces for Children of Part Accessors
4.7.22. Required Headers
4.7.23. Allowing Undescribed Headers
4.7.24. Ordering Headers
4.7.25. Describing SOAPAction
4.7.26. SOAP Binding Extensions
4.8. Use of XML Schema
5. Service Publication and Discovery
5.1. bindingTemplates
5.2. tModels
6. Security
6.1. Use of HTTPS
Appendix A: Referenced Specifications
Appendix B: Extensibility Points
Appendix C: Normative References
Appendix D: Defined Terms
Appendix E: Acknowledgements
1. Introduction
This document defines the WS-I Basic Profile 1.2
(hereafter, "Profile"), consisting of a set of non-proprietary
Web services specifications, along with clarifications, refinements,
interpretations and amplifications of those specifications which promote
interoperability.
Section 1 introduces the Profile, and explains its
relationships to other profiles.
Section 2, "Profile Conformance," explains what it means
to be conformant to the Profile.
Each subsequent section addresses a component of the
Profile, and consists of two parts; an overview detailing the
component specifications and their extensibility points,
followed by subsections that address individual parts of the
component specifications. Note that there is no relationship
between the section numbers in this document and those in the
referenced specifications.
1.1 Relationships to Other Profiles
This Profile is derived from the Basic Profile 1.1 by incorporating any errata to date and including those requirements
related to the serialization of envelopes and their representation in messages from the Simple SOAP Binding Profile 1.0.
This Profile is NOT intended to be composed with the Simple SOAP Binding Profile 1.0.
The Attachments Profile 1.0 adds support for SOAP with Attachments, and is intended to be used in combination with this Profile.
1.2 Guiding Principles
The Profile was developed according to a set of principles that, together,
form the philosophy of the Profile, as it relates to bringing about interoperability. This section
documents these guidelines.
- No guarantee of interoperability
- It is impossible to completely guarantee the interoperability of a particular service. However, the
Profile does address the most common problems that implementation experience has
revealed to date.
- Application semantics
- Although communication of application semantics can be facilitated by the technologies that
comprise the Profile,
assuring the common understanding of those semantics is not addressed by it.
- Testability
- When possible, the Profile makes statements that are testable. However,
such testability is not required. Preferably,
testing is achieved in a non-intrusive manner (e.g., examining artifacts "on the wire").
- Strength of requirements
- The Profile makes strong requirements (e.g., MUST, MUST NOT) wherever
feasible; if there are legitimate cases where such a requirement cannot be met,
conditional requirements (e.g., SHOULD, SHOULD NOT) are used. Optional and conditional
requirements introduce ambiguity and mismatches between
implementations.
- Restriction vs. relaxation
- When amplifying the requirements of referenced specifications, the Profile may
restrict them, but does not relax them (e.g., change a MUST to a MAY).
- Multiple mechanisms
- If a referenced specification allows multiple mechanisms to be used interchangeably,
the Profile selects those that are well-understood, widely implemented and useful.
Extraneous or underspecified mechanisms and extensions introduce complexity and
therefore reduce interoperability.
- Future compatibility
- When possible, the Profile aligns its requirements with in-progress revisions
to the specifications it references. This aids implementers
by enabling a graceful transition, and assures that WS-I does not 'fork' from these efforts.
When the Profile cannot
address an issue in a specification it references, this information is communicated to the
appropriate body to assure its consideration.
- Compatibility with deployed services
- Backwards compatibility with deployed Web services is not a
goal for the Profile, but due consideration is given to it; the Profile does not introduce
a change to the requirements of a referenced specification unless doing so addresses
specific interoperability issues.
- Focus on interoperability
- Although there are potentially a number of inconsistencies and design flaws
in the referenced specifications, the Profile only addresses those that affect
interoperability.
- Conformance targets
- Where possible, the Profile places requirements on artifacts (e.g., WSDL
descriptions, SOAP messages) rather than the producing or consuming software's behaviors
or roles. Artifacts are concrete, making them easier to verify and therefore making
conformance easier to understand and less error-prone.
- Lower-layer interoperability
- The Profile speaks to interoperability at the application layer; it assumes that
interoperability of lower-layer protocols (e.g., TCP, IP, Ethernet) is adequate and
well-understood. Similarly, statements about application-layer substrate protocols
(e.g., SSL/TLS, HTTP) are only made when there is an issue affecting Web services
specifically; WS-I does not attempt to assure the interoperability of these protocols
as a whole. This assures that WS-I's expertise in and focus on Web services
standards is used effectively.
1.3 Compatibility with Basic Profile 1.1
There are a few requirements in the Basic Profile 1.2 that may present compatibility issues with clients, services and their artifacts that have been
engineered for Basic Profile 1.1 conformance. However, in general, the Basic Profile WG members have tried to preserve as much forwards and backwards
compatibility with the Basic Profile 1.1 as possible so as not to disenfranchise clients, services and their artifacts that have been deployed in conformance
with the Basic Profile 1.1.
We use the term 'backward compatible' to mean that an artifact, client or service that is conformant to the Basic Profile 1.1 will behave consistently with an implementation that is conformant with the Basic Profile 1.2. We use the term 'forward compatible' to mean that an artifact, client or service that is conformant with the Basic Profile 1.2 specification will be consistent with that of an implementation that is conformant with the Basic Profile 1.1.
We have attempted to capture all known potential backwards and forwards compatibility issues below:
- Requirement R2714 might present backward compatible interoperability issues when a Basic Profile 1.1 client is not prepared for the possibility that a SOAP envelope might be included in the HTTP response message for a one-way WSDL operation.
- Requirement R1143 might present forward compatible interoperability issues, when a Basic Profile 1.2 conformant client invokes a Basic Profile 1.1 conformant service but does not include a soap:mustUnderstand attribute with a value of '1' on any WS-Addressing headers included in the request messages. In such a scenario the Basic Profile 1.2 conformant client should be prepared to receive the response SOAP message in the HTTP response of the same HTTP connection that carried the original request, even when the
wsa:Address value in the wsa:ReplyTo or wsa:FaultTo header block of the request message is not the WS-Addressing anonymous URI.
- Requirement R2710 might present forward compatible interoperability issues for WSDL editors, code generators and runtimes that depend on the Basic Profile 1.1 definition of "operation signature".
The list above is not meant to be authoritative.
As noted above, some requirements may present issues of a forward or backward compatible nature with previously published versions of the
profile. For convenience, such requirements and associated definitions are annotated in the following manner: Compat
1.4
Notational Conventions
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC2119.
Normative statements of requirements in the Profile (i.e., those
impacting conformance, as outlined in "Conformance Requirements") are
presented in the following manner:
RnnnnStatement
text here.
where "nnnn" is replaced by a number that is unique among the
requirements in the Profile, thereby forming a unique requirement
identifier.
Requirement identifiers can be considered to be namespace
qualified, in such a way as to be compatible with QNames from Namespaces in XML. If
there is no explicit namespace prefix on a requirement's identifier
(e.g., "R9999" as opposed to "bp10:R9999"), it should be interpreted
as being in the namespace identified by the conformance URI of the
document section it occurs in. If it is qualified, the prefix should
be interpreted according to the namespace mappings in effect, as
documented below.
Some requirements clarify the referenced specification(s), but do not
place additional constraints upon implementations. For convenience,
clarifications are annotated in the following manner: C
Some requirements are derived from ongoing standardization work on
the referenced specification(s). For convenience, such forward-derived
statements are annotated in the following manner: xxxx, where "xxxx" is an identifier
for the specification (e.g., "WSDL20" for WSDL Version 2.0). Note that
because such work was not complete when this document was published,
the specification that the requirement is derived from may change;
this information is included only as a convenience to
implementers.
As noted above, some requirements may present compatibility issues
(whether forwards or backwards) with previously published versions of the
profile. For convenience, such requirements are annotated in the following
manner: Compat
Extensibility points in underlying specifications (see "Conformance Scope") are presented in a similar
manner:
EnnnnExtensibility
Point Name - Description
where "nnnn" is replaced by a number that is unique among the extensibility
points in the Profile. As with requirement statements, extensibility statements
can be considered namespace-qualified.
This specification uses a number of namespace prefixes throughout;
their associated URIs are listed below. Note that the choice of any
namespace prefix is arbitrary and not semantically significant.
-
soap - "http://schemas.xmlsoap.org/soap/envelope/"
-
xsi - "http://www.w3.org/2001/XMLSchema-instance"
-
xsd - "http://www.w3.org/2001/XMLSchema"
-
soapenc - "http://schemas.xmlsoap.org/soap/encoding/"
-
wsdl - "http://schemas.xmlsoap.org/wsdl/"
-
soapbind - "http://schemas.xmlsoap.org/wsdl/soap/"
-
uddi - "urn:uddi-org:api_v2"
-
wsa - "http://www.w3.org/2005/08/addressing"
-
xop - "http://www.w3.org/2004/08/xop/include"
1.5
Profile Identification and Versioning
This document is identified by a name (in this case, Basic Profile) and
a version number (here, 1.2). Together, they identify a
particular profile instance.
Version numbers are composed of a major and minor portion, in the form
"major.minor". They can be used to determine the precedence of a
profile instance; a higher version number (considering both the major
and minor components) indicates that an instance is more recent, and
therefore supersedes earlier instances.
Instances of profiles with the same name (e.g., "Example
Profile 1.1" and "Example Profile 5.0") address interoperability
problems in the same general scope (although some developments may
require the exact scope of a profile to change between instances).
One can also use this information to determine whether two instances of
a profile are backwards-compatible; that is, whether one can assume
that conformance to an earlier profile instance implies conformance to a later
one. Profile instances with the same name and major version number (e.g.,
"Example Profile 1.0" and "Example Profile 1.1") MAY be considered
compatible. Note that this does not imply anything about compatibility
in the other direction; that is, one cannot assume that conformance
with a later profile instance implies conformance to an earlier one.
Conformance to the Profile is defined by adherence to the
set of requirements defined for a specific
target, within the scope of the
Profile. This section explains these terms and describes how
conformance is defined and used.
Requirements state the criteria for conformance to the
Profile. They typically refer to an existing specification and
embody refinements, amplifications, interpretations and
clarifications to it in order to improve interoperability. All
requirements in the Profile are considered normative, and those
in the specifications it references that are in-scope (see
"Conformance Scope") should likewise be considered normative.
When requirements in the Profile and its referenced
specifications contradict each other, the Profile's
requirements take precedence for purposes of Profile
conformance.
Requirement levels, using RFC2119 language (e.g.,
MUST, MAY, SHOULD) indicate the nature of the requirement and its
impact on conformance. Each requirement is individually identified
(e.g., R9999) for convenience.
For example;
R9999 Any WIDGET SHOULD be round in shape.
This requirement is identified by "R9999", applies to the
target WIDGET (see below), and places a conditional
requirement upon widgets; i.e., although this requirement must
be met to maintain conformance in most cases, there are some
situations where there may be valid reasons for it not being
met (which are explained in the requirement itself, or in its
accompanying text).
Each requirement statement contains exactly one requirement level
keyword (e.g., "MUST") and one conformance target keyword (e.g.,
"MESSAGE"). The conformance target keyword appears in bold text (e.g. "MESSAGE"). Other conformance targets appearing in non-bold text are being used strictly for their definition and NOT as a conformance target. Additional text may
be included to illuminate a requirement or group of
requirements (e.g., rationale and examples); however, prose
surrounding requirement statements must not be considered in
determining conformance.
Definitions of terms in the Profile are considered
authoritative for the purposes of determining
conformance.
None of the requirements in the Profile, regardless of
their conformance level, should be interpreted as limiting the
ability of an otherwise conforming implementation to apply
security countermeasures in response to a real or perceived
threat (e.g., a denial of service attack).
Conformance targets identify what artifacts (e.g.,
SOAP message, WSDL description, UDDI registry data) or
parties (e.g., SOAP processor, end user) requirements
apply to.
This allows for the definition of conformance in
different contexts, to assure unambiguous interpretation
of the applicability of requirements, and to allow
conformance testing of artifacts (e.g., SOAP messages and
WSDL descriptions) and the behavior of various parties to
a Web service (e.g., clients and service instances).
Requirements' conformance targets are physical
artifacts wherever possible, to simplify testing and avoid
ambiguity.
The following conformance targets are used in the Profile:
-
MESSAGE
- protocol elements that transport the ENVELOPE (e.g., SOAP/HTTP messages)
-
ENVELOPE
- the serialization of the soap:Envelope element and its content
-
DESCRIPTION
- descriptions of types, messages, interfaces and their concrete protocol and data format bindings, and the network access points associated with Web services (e.g., WSDL descriptions)
-
INSTANCE
- software that implements a wsdl:port or a uddi:bindingTemplate
-
CONSUMER
- software that invokes an INSTANCE
-
SENDER
- software that generates a message according to the protocol(s) associated with it
-
RECEIVER
- software that consumes a message according to the protocol(s) associated with it (e.g., SOAP processors)
-
REGDATA
- registry elements that are involved in the registration and discovery of Web services (e.g. UDDI tModels)
-
SIMPLE_SOAP_MESSAGE
- A MESSAGE that has as an entity-body that has a 'Content-Type' HTTP header field with a field-value of 'text/xml'
-
XOP_ENCODED_MESSAGE
- A MESSAGE that has an entity-body that has a 'Content-Type' HTTP header field with a field-value of 'multipart/related' with a type parameter of 'application/xop+xml'
The scope of the Profile delineates the technologies
that it addresses; in other words, the Profile only attempts
to improve interoperability within its own scope.
Generally, the Profile's scope is bounded by the
specifications referenced by it.
The Profile's scope is further refined by extensibility
points. Referenced specifications often provide extension
mechanisms and unspecified or open-ended configuration
parameters; when identified in the Profile as an
extensibility point, such a mechanism or parameter is
outside the scope of the Profile, and its use or non-use
is not relevant to conformance.
Note that the Profile may still place requirements on
the use of an extensibility point. Also, specific uses of
extensibility points may be further restricted by other
profiles, to improve interoperability when used in
conjunction with the Profile.
Because the use of extensibility points may impair
interoperability, their use should be negotiated or
documented in some fashion by the parties to a Web
service; for example, this could take the form of an
out-of-band agreement.
The Profile's scope is defined by the referenced
specifications in Appendix A, as refined by the
extensibility points in Appendix B.
Claims of conformance to the Profile can be made using the following
mechanisms, as described in Conformance Claim Attachment Mechanisms,
when the applicable Profile requirements associated
with the listed targets have been met:
-
WSDL 1.1 Claim Attachment Mechanism for Web Services Instances - MESSAGE DESCRIPTION INSTANCE RECEIVER
-
WSDL 1.1 Claim Attachment Mechanism for Description Constructs - DESCRIPTION
-
UDDI Claim Attachment Mechanism for Web Services Instances - MESSAGE DESCRIPTION INSTANCE RECEIVER
-
UDDI Claim Attachment Mechanism for Web Services Registrations - REGDATA
The conformance claim URI for this Profile is "http://ws-i.org/profiles/basic/1.2"
.
3. Messaging
This section of the Profile incorporates the following
specifications by reference, and defines extensibility points within
them:
-
Simple Object Access Protocol (SOAP) 1.1
Extensibility points:
-
E0001 - Header blocks - Header blocks are the fundamental extensibility mechanism in SOAP.
-
E0002 - Processing order - The order of processing of a SOAP envelope's components (e.g., headers) is unspecified, and therefore may need to be negotiated out-of-band.
-
E0003 - Use of intermediaries - SOAP Intermediaries is an underspecified mechanism in SOAP 1.1, and their use may require out-of-band negotiation. Their use may also necessitate careful consideration of where Profile conformance is measured.
-
E0004 - soap:actor values - Values of the soap:actor attribute, other than the special uri 'http://schemas.xmlsoap.org/soap/actor/next' , represent a private agreement between parties of the web service.
-
E0005 - Fault details - the contents of a Fault's detail element are not prescribed by SOAP 1.1.
-
E0006 - Envelope serialization - The Profile does not constrain some aspects of how the envelope is serialized into the message.
-
E0026 - SOAP envelope in HTTP response message to WSDL one-way operation - The SOAP1.1 Request Optional Response Binding specification does not specify the purpose or processing of such envelopes.
-
RFC2616: Hypertext Transfer Protocol -- HTTP/1.1
Extensibility points:
-
E0007 - HTTP Authentication - HTTP authentication allows for extension schemes, arbitrary digest hash algorithms and parameters.
-
E0008 - Unspecified Header Fields - HTTP allows arbitrary headers to occur in messages.
-
E0009 - Expect-extensions - The Expect/Continue mechanism in HTTP allows for expect-extensions.
-
E0010 - Content-Encoding - The set of content-codings allowed by HTTP is open-ended and any besides 'gzip', 'compress', or 'deflate' are an extensibility point.
-
E0011 - Transfer-Encoding - The set of transfer-encodings allowed by HTTP is open-ended.
-
E0012 - Upgrade - HTTP allows a connection to change to an arbitrary protocol using the Upgrade header.
-
E0024 - Namespace Attributes - Namespace attributes on soap:Envelope and soap:Header elements
-
E0025 - Attributes on soap:Body elements - Neither namespaced nor local attributes are constrained by SOAP 1.1.
-
E0029 - Use of messages other than SOAP1.1 or XOP messages - Use of Messages other than a SIMPLE_SOAP_MESSAGE or a XOP_ENCODED_MESSAGE is an extensibility point
-
RFC2965: HTTP State Management Mechanism
-
WS-Addressing 1.0 - Core
-
WS-Addressing 1.0 - SOAP Binding (except for sections 2, 3, 5.1.2, 5.2.2 and 6.1)
Extensibility points:
-
E0027 - Use of soap:actor and WS-Addressing - WS-Addressing allows multiple instances of headers such as wsa:To, wsa:ReplyTo, and wsa:FaultTo, so long as they are targeted to different SOAP roles.
-
E0028 - Endpoint references are extensible - When extension attributes or elements appear as part of an endpoint reference, the processing model for such extensions is defined by the specification for those extensions.
-
WS-Addressing 1.0 - Metadata (except for sections 3.1.1, 3.2.1, 3.3, 4.1.1, 4.4.2, 4.4.3 and 5.2)
-
SOAP 1.1 Request Optional Response HTTP Binding
-
SOAP Message Transmission Optimization Mechanism
-
XML-Binary Optimized Packaging
-
SOAP 1.1 Binding for MTOM 1.0
3.1 Message Serialization
The profile is intended to compose with mechanisms currently under development to describe whether messages are encoded as SIMPLE_SOAP_MESSAGEs or XOP_ENCODED_MESSAGEs. As such it does not mandate that both of those encodings be supported for any given operation. Indeed, neither of these encodings need be supported if an alternate encoding such as that described in the Attachments Profile 1.0 is used.
SOAP 1.1 defines an XML structure for transmitting messages, the envelope.
The Profile places the following constraints on the use and serialization of the soap:Envelope element and its content:
This section of the Profile incorporates the following
specifications by reference:
3.1.1 XML Envelope Serialization
R9701
An ENVELOPE MUST be serialized as XML 1.0.
3.1.2 Unicode BOMs
XML 1.0 allows UTF-8 encoding to include a BOM; therefore, receivers of envelopes
must be prepared to accept them. The BOM is mandatory for XML encoded as UTF-16.
R4001
A RECEIVER MUST accept envelopes that include the Unicode Byte Order Mark (BOM).C
3.1.3 XML Declarations
Presence or absence of an XML declaration does not affect interoperability.
Certain implementations might always precede their XML serialization with
the XML declaration.
R1010
A RECEIVER MUST accept messages with envelopes that contain an XML Declaration.
C
3.1.4 Character Encodings
The Profile requires XML processors to support the "UTF-8" and
"UTF-16" character encodings, in order to aid interoperability.
As a consequence of this, in conjunction with SOAP 1.1's requirement to use
the "text/xml" media type (which has a default character encoding of
"us-ascii") on envelopes, the "charset" parameter must always be present
on the envelope's content-type. A further consequence of this is that the
encoding pseudo-attribute of XML declaration within the message is always
ignored, in accordance with the requirements of both XML 1.0 and RFC3023, "XML Media Types".
The "charset" parameter of Content-Type HTTP header field must be used to determine the correct character encoding of the message, in absence of a "charset" parameter, the default value for charset (which is "us-ascii") must be used.
R1012
An ENVELOPE MUST be serialized using either UTF-8 or UTF-16 character encoding.
R1018
A SIMPLE_SOAP_MESSAGE MUST indicate the correct character encoding, using the "charset" parameter.
C
R1019
A RECEIVER MUST ignore the encoding pseudo-attribute of the envelope's XML declaration.
3.1.5 XOP Encoded Messages
There is pervasive implementation that is apparently encoding the action parameter as a separate parameter of the enclosing MIME multipart/related
entity body's Content-Type header. The multipart/related media type specification does not include an action parameter, though it does permit
extensibility. Thus, the action parameter on the multipart/related
Content-Type header has no defined semantic. The correct encoding is to include
the action parameter inside the start-info parameter of the enclosing MIME multipart/related entity body as well as inside the type parameter of the root part.
R1020
A XOP_ENCODED_MESSAGE MUST include the start-info parameter in the
Content-Type header of the enclosing multipart/related MIME entity body.
R1021
A XOP_ENCODED_MESSAGE SHOULD include the full value of the type parameter
from the root entity body part inside the start-info parameter of the enclosing
multipart/related MIME entity body part's Content-Type header.
R1022
A RECEIVER MUST accept a XOP encoded message that has the action parameter,
associated with the SOAP message, encoded inside the
start-info parameter on the Content-Type header of the enclosing multipart/related
MIME entity body.
R1023
A RECEIVER MAY accept a XOP encoded message that has the action parameter,
associated with the SOAP message, encoded as a separate parameter on the
Content-Type header of the enclosing multipart/related
MIME entity body.
For example,
INCORRECT:
MIME-Version: 1.0
Content-Type: Multipart/Related;boundary=MIME_boundary;
type="application/xop+xml";
start="<mymessage.xml@example.org>";
start-info="application/soap+xml"; action="ProcessData"
--MIME_boundary
Content-Type: application/xop+xml;
charset=UTF-8;
type="application/soap+xml; action=\"ProcessData\""
Content-Transfer-Encoding: 8bit
Content-ID: <mymessage.xml@example.org>
[...]
CORRECT:
MIME-Version: 1.0
Content-Type: Multipart/Related;boundary=MIME_boundary;
type="application/xop+xml";
start="<mymessage.xml@example.org>";
start-info="application/soap+xml; action=\"ProcessData\""
Content-Description: A SOAP message with my pic and sig in it
--MIME_boundary
Content-Type: application/xop+xml;
charset=UTF-8;
type="application/soap+xml; action=\"ProcessData\""
Content-Transfer-Encoding: 8bit
Content-ID: <mymessage.xml@example.org>
[...]
3.2 SOAP Envelopes
This section of the Profile incorporates the following
specifications by reference:
SOAP 1.1 defines a structure for composing messages, the envelope.
The Profile mandates the use of that structure, and places the following constraints on its use:
3.2.1 SOAP Envelope Structure
R9980
An ENVELOPE MUST conform to the structure specified in SOAP 1.1 Section 4, "SOAP Envelope" (subject
to amendment by the Profile).
R9981
An ENVELOPE MUST have exactly zero or one child elements of the soap:Body element.
While the combination of R2201 and R2210 (below) clearly imply that there may be at most one child element of the soap:Body, there is no explicit requirement in the Profile that articulates this constraint, leading to some confusion.
3.2.2 SOAP Envelope Namespace
SOAP 1.1 states that an envelope with a
document element whose namespace name is other than
"http://schemas.xmlsoap.org/soap/envelope/" should
be discarded. The Profile requires that a fault
be generated instead, to assure unambiguous operation.
R1015
A RECEIVER MUST generate a fault if they encounter an envelope whose document
element is not soap:Envelope.
3.2.3 SOAP Body Namespace Qualification
The use of unqualified element names may cause naming conflicts, therefore
qualified names must be used for the children of soap:Body.
R1014
The children of the soap:Body element in an ENVELOPE MUST
be namespace qualified.
3.2.4 Disallowed Constructs
XML DTDs and PIs may introduce security vulnerabilities, processing overhead and
semantic ambiguity when used in envelopes. As a result, certain
XML constructs are disallowed by section 3 of SOAP 1.1.
Although published errata NE05 (see http://www.w3.org/XML/xml-names-19990114-errata) allows the namespace declaration xmlns:xml="http://www.w3.org/XML/1998/namespace" to appear, some older processors considered such a declaration to be an error. These requirements ensure that conformant artifacts have the broadest interoperability possible.
R1008
An ENVELOPE MUST NOT contain a Document Type Declaration.
C
R1009
An ENVELOPE MUST NOT contain Processing Instructions.
C
R1033
An ENVELOPE SHOULD NOT contain the namespace declaration xmlns:xml="http://www.w3.org/XML/1998/namespace".
C
3.2.5 SOAP Trailers
The interpretation
of sibling elements following the soap:Body element is
unclear. Therefore, such elements are disallowed.
R1011
An ENVELOPE MUST NOT have any element children of
soap:Envelope following the soap:Body element.
This requirement clarifies a mismatch
between the SOAP 1.1 specification and the SOAP 1.1 XML Schema.
For example,
INCORRECT:
<soap:Envelope xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/' >
<soap:Body>
<p:Process xmlns:p='http://example.org/Operations' />
</soap:Body>
<m:Data xmlns:m='http://example.org/information' >
Here is some data with the message
</m:Data>
</soap:Envelope>
CORRECT:
<soap:Envelope xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/' >
<soap:Body>
<p:Process xmlns:p='http://example.org/Operations' >
<m:Data xmlns:m='http://example.org/information' >
Here is some data with the message
</m:Data>
</p:Process>
</soap:Body>
</soap:Envelope>
3.2.6 SOAP encodingStyle Attribute
The soap:encodingStyle attribute is used to indicate the use of a particular
scheme in the encoding of data into XML. However, this introduces complexity,
as this function can also be served by the use of XML Namespaces. As a result,
the Profile prefers the use of literal, non-encoded XML.
R1005
An ENVELOPE MUST NOT contain soap:encodingStyle
attributes on any of the elements whose namespace name is "http://schemas.xmlsoap.org/soap/envelope/".
R1006
An ENVELOPE MUST NOT contain soap:encodingStyle
attributes on any element that is a child of soap:Body.
R1007
An ENVELOPE described in an rpc-literal binding MUST NOT
contain soap:encodingStyle attribute on any element that is a grandchild of soap:Body.
3.2.7 SOAP mustUnderstand Attribute
The soap:mustUnderstand attribute has a restricted type of "xsd:boolean"
that takes only "0" or "1". Therefore, only those two values are allowed.
R1013
An ENVELOPE containing a
soap:mustUnderstand attribute MUST
only use the lexical forms "0" and "1".
C
3.2.8 xsi:type Attributes
In many cases, senders and receivers
will share some form of type information related
to the envelopes being exchanged.
R1017
A RECEIVER MUST NOT mandate the use of the
xsi:type attribute in
envelopes except as required in order to indicate a
derived type (see XML Schema Part 1: Structures,
Section 2.6.1).
3.2.9 SOAP1.1 attributes on SOAP1.1 elements
R1032
The soap:Envelope,
soap:Header, and soap:Body
elements in an ENVELOPE MUST NOT have attributes in the
namespace
"http://schemas.xmlsoap.org/soap/envelope/".
3.3 SOAP Processing Model
This section of the Profile incorporates the following
specifications by reference:
SOAP 1.1 defines a model for the processing of envelopes.
In particular, it defines rules for the processing of header blocks
and the envelope body. It also defines rules related to generation
of faults. The Profile places the following constraints on the processing
model:
3.3.1 Mandatory Headers
SOAP 1.1's processing model is underspecified with respect to the
processing of mandatory header blocks. Mandatory header blocks are
those children of the soap:Header element bearing a
soap:mustUnderstand attribute with a value of "1".
R1025
A RECEIVER MUST handle envelopes in such a way that it appears that
all checking of mandatory header blocks is performed before any
actual processing.
SOAP12
This requirement guarantees that no
undesirable side effects will occur as a result of
noticing a mandatory header block after processing other
parts of the message.
3.3.2 Generating mustUnderstand Faults
The Profile requires that receivers generate a fault when they
encounter header blocks targeted at them, that they do not understand.
R1027
A RECEIVER MUST generate a
"soap:MustUnderstand" fault when an envelope contains a
mandatory header block (i.e., one that has a soap:mustUnderstand
attribute with the value "1") targeted at the receiver (via
soap:actor) that the receiver does not
understand.SOAP12
3.3.3 SOAP Fault Processing
When a fault is generated, no further processing should be performed.
In request-response exchanges, a fault message will be transmitted
to the sender of the request, and some application level error
will be flagged to the user.
Both SOAP and this Profile use the term 'generate' to denote
the creation of a SOAP Fault. It is important to realize that generation of a Fault is distinct
from its transmission, which in some cases is not required.
R1028
When a fault is generated by a RECEIVER, further processing SHOULD NOT
be performed on the SOAP envelope aside from that which is necessary to rollback, or
compensate for, any effects of processing the envelope prior to the generation
of the fault.
SOAP12
R1029
Where the normal outcome of processing a SOAP
envelope would have resulted in the transmission of a
SOAP response, but rather a fault is generated
instead, a RECEIVER MUST transmit a fault
in place of the response.
R1030
A RECEIVER that generates a fault SHOULD
notify the end user that a fault has been
generated when practical, by whatever means is
deemed appropriate to the circumstance.
Note that there may be valid reasons (such as security considerations) why a fault may not be transmitted.
3.4 SOAP Faults
3.4.1 Identifying SOAP Faults
Some consumer implementations erroneously
use only the HTTP status code to determine the
presence of a Fault. Because there are situations
where the Web infrastructure changes the HTTP status
code, and for general reliability, the Profile
requires that they examine the envelope. A Fault is an
envelope that has a single child element of the
soap:Body element, that element being
a soap:Fault element.
R1107
A RECEIVER MUST interpret a SOAP message as a Fault when the soap:Body
of the message has a single soap:Fault child.
3.4.2 SOAP Fault Structure
The Profile restricts the content of the
soap:Fault element to those elements explicitly described
in SOAP 1.1.
R1000
When an ENVELOPE is a Fault, the soap:Fault element MUST NOT
have element children other than
faultcode, faultstring,
faultactor and
detail.
For example,
INCORRECT:
<soap:Fault xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/' >
<faultcode>soap:Client</faultcode>
<faultstring>Invalid message format</faultstring>
<faultactor>http://example.org/someactor</faultactor>
<detail>There were <b>lots</b> of elements in the message
that I did not understand
</detail>
<m:Exception xmlns:m='http://example.org/faults/exceptions' >
<m:ExceptionType>Severe</m:ExceptionType>
</m:Exception>
</soap:Fault>
CORRECT:
<soap:Fault xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/' >
<faultcode>soap:Client</faultcode>
<faultstring>Invalid message format</faultstring>
<faultactor>http://example.org/someactor</faultactor>
<detail>
<m:msg xmlns:m='http://example.org/faults/exceptions'>
There were <b>lots</b> of elements in
the message that I did not understand
</m:msg>
<m:Exception xmlns:m='http://example.org/faults/exceptions'>
<m:ExceptionType>Severe</m:ExceptionType>
</m:Exception>
</detail>
</soap:Fault>
3.4.3 SOAP Fault Namespace Qualification
The children of the soap:Fault element are
local to that element, therefore namespace qualification is unnecessary.
R1001
When an ENVELOPE is a Fault, the element children of the soap:Fault element MUST be unqualified.
For example,
INCORRECT:
<soap:Fault xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/' >
<soap:faultcode>soap:Client</soap:faultcode>
<soap:faultstring>Invalid message format</soap:faultstring>
<soap:faultactor>http://example.org/someactor</soap:faultactor>
<soap:detail>
<m:msg xmlns:m='http://example.org/faults/exceptions'>
There were <b>lots</b> of elements in the message that
I did not understand
</m:msg>
</soap:detail>
</soap:Fault>
CORRECT:
<soap:Fault xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'
xmlns='' >
<faultcode>soap:Client</faultcode>
<faultstring>Invalid message format</faultstring>
<faultactor>http://example.org/someactor</faultactor>
<detail>
<m:msg xmlns:m='http://example.org/faults/exceptions'>
There were <b>lots</b> of elements in the message that
I did not understand
</m:msg>
</detail>
</soap:Fault>
3.4.4 SOAP Fault Extensibility
For extensibility, additional attributes are allowed to
appear on the detail element and additional
elements are allowed to appear as children of the detail
element.
R1002
A RECEIVER MUST accept faults that have any number of
elements, including zero, appearing as children of the
detail element. Such children can be qualified or
unqualified.
R1003
A RECEIVER MUST accept faults that have any number of
qualified or unqualified attributes, including zero, appearing on
the detail element. The namespace of qualified
attributes can be anything other than "http://schemas.xmlsoap.org/soap/envelope/".
3.4.5 SOAP Fault Language
Faultstrings are human-readable indications of the nature of a fault. As such, they may be in a particular language,
and therefore the xml:lang attribute can be used to
indicate the language of the faultstring.
Note that this requirement conflicts with the schema for SOAP
appearing at its namespace URL. A schema without conflicts can be found
at "http://ws-i.org/profiles/basic/1.1/soap-envelope-2004-01-21.xsd".
R1016
A RECEIVER MUST accept faults that carry an
xml:lang attribute on the
faultstring element.
3.4.6 SOAP Custom Fault Codes
SOAP 1.1 allows custom fault codes to appear
inside the faultcode element,
through the use of the "dot" notation.
Use of this mechanism to extend the meaning of
the SOAP 1.1-defined fault codes can lead to
namespace collision. Therefore, its use should be
avoided, as doing so may cause interoperability issues
when the same names are used in the right-hand side of
the "." (dot) to convey different meaning.
Instead, the Profile encourages the use of the
fault codes defined in SOAP 1.1, along with
additional information in the detail
element to convey the nature of the fault.
Alternatively, it is acceptable
to define custom fault codes in a namespace
controlled by the specifying authority.
A number of specifications have already
defined custom fault codes using the "." (dot) notation. Despite
this, their use in future specifications is
discouraged.
R1004
When an ENVELOPE contains a
faultcode element, the content of that
element SHOULD be either one of the fault codes defined in
SOAP 1.1 (supplying additional information if necessary in
the detail element), or a Qname whose
namespace is controlled by the fault's specifying
authority (in that order of preference).
R1031
When an ENVELOPE contains a
faultcode element the content of that element SHOULD NOT use of the SOAP 1.1 "dot"
notation to refine the meaning of the fault.
It is recommended that applications that require custom fault codes either use the
SOAP1.1 defined fault codes and supply additional information in the detail element, or that they
define these codes in a namespace that is controlled by the specifying authority.
For example,
INCORRECT:
<soap:Fault xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'
xmlns:c='http://example.org/faultcodes' >
<faultcode>soap:Server.ProcessingError</faultcode>
<faultstring>An error occurred while processing the message
</faultstring>
</soap:Fault>
CORRECT:
<soap:Fault xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'
xmlns:c='http://example.org/faultcodes' >
<faultcode>c:ProcessingError</faultcode>
<faultstring>An error occured while processing the message
</faultstring>
</soap:Fault>
CORRECT:
<soap:Fault xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/' >
<faultcode>soap:Server</faultcode>
<faultstring>An error occured while processing the message
</faultstring>
</soap:Fault>
3.4.7 SOAP Defined Faults Action URI
WS-Addressing provides the URI http://www.w3.org/2005/08/addressing/soap/fault for "SOAP defined faults".
However, it only recommends, rather than mandate its use for the SOAP1.1 defined MustUnderstand and VersionMismatch faults.
This Profile mandates the use of the WS-Addressing defined wsa:Action value for SOAP1.1 defined MustUnderstand and VersionMismatch
faults, for interoperability.
R1035
An ENVELOPE MUST use the http://www.w3.org/2005/08/addressing/soap/fault URI as the value for the wsa:Action
element when present, for either of the SOAP1.1 defined VersionMismatch and MustUnderstand faults.
3.4.8 SOAP MustUnderstand or VersionMismatch fault Transmission
WS-Addressing does not violate the SOAP processing model, but in fact plays within the rules defined by the SOAP processing model.
Thus, regardless of the value of the wsa:ReplyTo or wsa:FaultTo, should a message generate either a SOAP MustUnderstand or
VersionMismatch fault, that fault SHOULD be transmitted to the sender of the message generating such fault on the HTTP response message.
Note that this is a SHOULD requirement, as there may be valid reasons why the fault is not transmitted at all.
R1036
A RECEIVER that receives a SOAP envelope that generates either a SOAP MustUnderstand or VersionMismatch fault
SHOULD transmit such a fault on the HTTP response message, regardless of the value of the wsa:ReplyTo or wsa:FaultTo
SOAP headers present in the message.
3.5 Use of WS-Addressing MAPs
This section of the Profile incorporates the following
specifications by reference:
When using WS-Addressing, the Profile requires conformance to WS-Addressing 1.0 - Core, WS-Addressing 1.0 - SOAP Binding and
WS-Addressing 1.0 - Metadata, Section 5.1 and places the following additional constraints.
WS-Addressing 1.0 - Metadata, Section 5.1 defines additional constraints on the cardinality of WS-Adressing Message Addressing
Properties defined in WS-Addressing 1.0 - Core. These constraints are defined for every message involved in WSDL 1.1 transmission primitives.
The Profile requires conformance to this section when WS-Addressing is used in conjunction with WSDL 1.1 description.
R1142
An ENVELOPE that includes a wsa:Action SOAP header block and which is described using WSDL 1.1 description MUST conform to
WS-Addressing 1.0 - Metadata, Section 5.1.
C
3.5.2 Understanding WS-Addressing SOAP Header Blocks
WS-Addressing 1.0 -- SOAP Binding defines multiple SOAP header blocks
(wsa:To, wsa:From, wsa:ReplyTo, wsa:FaultTo, wsa:Action, wsa:MessageID,
and wsa:RelatesTo). These SOAP header blocks are part of the same
module. A SOAP node that conforms to the Profile understands all of
these SOAP header blocks (when it understands WS-Addressing) or none at
all (when it does not understand WS-Addressing).
R1143
When a message contains multiple WS-Addressing SOAP header blocks with at least one of those header blocks containing a
soap:mustUnderstand='1' attribute, then a RECEIVER MUST understand all the WS-Addressing SOAP header blocks or none of them.
C
Compat
3.5.3 Valid Range of Values for SOAPAction When WS-Addressing is Used
There may be some confusion as regards to the range of valid values for SOAPAction when WS-Addressing is used, given
the SOAP 1.1 specification permits the use of relative URIs.
When composed with WS-Addressing, the valid range of values of SOAPAction should be limited to an absolute URI that matches the value
specified for wsa:Action. The empty string ("") is also allowed for special cases such as security considerations. For example, when the wsa:Action
header is encrypted, set SOAPAction to "" maybe a way to avoid leakage.
R1144
When wsa:Action MAP is present in an envelope, the containing HTTP request MESSAGE MUST specify a SOAPAction HTTP header
with either a value that is an absolute URI that has the same value as the value of the wsa:Action MAP, or a value of "" (empty string).
3.6 Use of SOAP in HTTP
This section of the Profile incorporates the following
specifications by reference:
SOAP 1.1 defines a single protocol binding, for HTTP. The
Profile mandates the use of that binding, and places the following
constraints on its use:
3.6.1 HTTP Protocol Binding
Several versions of HTTP are defined. HTTP/1.1 has
performance advantages, and is more clearly specified than HTTP/1.0.
R1141
A MESSAGE MUST be sent using either HTTP/1.1 or HTTP/1.0.
R1140
A MESSAGE SHOULD be sent using HTTP/1.1.
Note that support for HTTP/1.0 is implied in HTTP/1.1, and that intermediaries
may change the version of a message; for more information about HTTP
versioning, see RFC2145, "Use and Interpretation of HTTP Version Numbers."
3.6.2 HTTP Methods and Extensions
The SOAP1.1 specification defined its HTTP binding such that two possible methods
could be used, the HTTP POST method and the HTTP Extension Framework's M-POST
method. The Profile requires that only the HTTP POST method be used and precludes
use of the HTTP Extension Framework.
R1132
A HTTP request MESSAGE MUST use the
HTTP POST method.
R1108
A MESSAGE MUST NOT use the
HTTP Extension Framework (RFC2774).
The HTTP Extension Framework is an experimental mechanism for extending HTTP in a
modular fashion. Because it is not deployed widely and also because its benefits to the use of SOAP
are questionable, the Profile does not allow its use.
Testing has demonstrated that
requiring the SOAPAction HTTP header
field-value to be quoted increases interoperability of
implementations. Even though HTTP allows unquoted header field-values, some
SOAP implementations require that they be quoted.
SOAPAction is purely a hint to
processors. All vital information regarding the
intent of a message is carried in soap:Envelope.
R1109
The value of the
SOAPAction HTTP header field in a HTTP
request MESSAGE MUST be a quoted string. C
R1119
A RECEIVER MAY respond
with a fault if the value of the
SOAPAction HTTP header field in a message
is not quoted. C
R1127
A RECEIVER MUST NOT rely
on the value of the SOAPAction HTTP
header to correctly process the message.SOAP12
For example,
CORRECT:
A WSDL Description that has:
<soapbind:operation soapAction="foo" />
results in a message with a SOAPAction HTTP header field of:
SOAPAction: "foo"
CORRECT:
A WSDL Description that has:
<soapbind:operation />
or
<soapbind:operation soapAction="" />
results in a message with a corresponding SOAPAction HTTP header field
as follows:
SOAPAction: ""
3.6.4 HTTP Success Status Codes
HTTP uses the 2xx series of status codes to communicate success.
In particular, 200 is the default for successful messages, but 202 can be used
to indicate that a message has been submitted for processing. Additionally,
other 2xx status codes may be appropriate, depending on the nature of the HTTP
interaction.
R1124
An INSTANCE MUST use a 2xx HTTP status code on a response message
that indicates the successful outcome of a HTTP request.
R1111
An INSTANCE SHOULD use a "200 OK" HTTP status code on a response
message that contains an envelope that is not a fault.
R1112
An INSTANCE SHOULD use either a "200 OK" or "202 Accepted" HTTP
status code for a response message that does not contain a SOAP
envelope but indicates the successful outcome of a HTTP request.
Despite the fact that the HTTP 1.1 assigns different
meanings to response status codes "200" and "202", in the
context of the Profile they should be considered
equivalent by the initiator of the request. The Profile
accepts both status codes because some SOAP
implementations have little control over the HTTP
protocol implementation and cannot control which of these
response status codes is sent.
3.6.5 HTTP Redirect Status Codes
There are interoperability problems with using many of the HTTP
redirect status codes, generally surrounding whether to use the original
method, or GET. The Profile mandates "307 Temporary Redirect", which has the
semantic of redirection with the same HTTP method, as the correct status code
for redirection. For more information, see the 3xx status code descriptions in
RFC2616.
R1130
An INSTANCE
MUST use the "307 Temporary Redirect" HTTP status code when
redirecting a request to a different endpoint.
R1131
A
CONSUMER MAY automatically redirect a request when it encounters a
"307 Temporary Redirect" HTTP status code in a response.
RFC2616 notes that user-agents should not automatically
redirect requests; however, this requirement was aimed at browsers,
not automated processes (which many Web services will be). Therefore,
the Profile allows, but does not require, consumers to
automatically follow redirections.
3.6.6 HTTP Client Error Status Codes
HTTP uses the 4xx series of status codes to
indicate failure due to a client error. Although there are
a number of situations that may result in one of these
codes, the Profile highlights those when the HTTP request
does not have the proper media type, and when the
anticipated method ("POST") is not used.
R1125
An INSTANCE MUST use a 4xx HTTP status code for a response that
indicates a problem with the format of a request.
R1113
An INSTANCE SHOULD use a "400 Bad Request" HTTP status code, if a
HTTP request message is malformed.
R1114
An INSTANCE SHOULD use a "405 Method not Allowed" HTTP status code
if a HTTP request message's method is not "POST".
R1115
An INSTANCE SHOULD use a "415 Unsupported Media Type" HTTP status
code if a HTTP request message's Content-Type header field-value is not
permitted by its WSDL description.
Note that these requirements do not force an
instance to respond to requests. In some cases, such as
Denial of Service attacks, an instance may choose to
ignore requests.
Also note that SOAP 1.1, Section 6.2 requires that SOAP Fault can only be returned with HTTP 500 "Internal Server Error" code. This profile doesn't change that requirement. When HTTP 4xx error status code is used, the response message should not contain a SOAP Fault.
3.6.7 HTTP Server Error Status Codes
HTTP uses the 5xx series of status codes to indicate failure due
to a server error.
R1126
An INSTANCE MUST return a "500 Internal Server Error" HTTP status code if
the response envelope is a Fault.
3.6.8 HTTP Cookies
The HTTP State Management Mechanism ("Cookies") allows the creation
of stateful sessions between Web browsers and servers. Being designed
for hypertext browsing, Cookies do not have well-defined semantics for
Web services, and, because they are external to the envelope, are
not accommodated by either SOAP 1.1 or WSDL 1.1.
However, there are situations where it may be necessary to use
Cookies; e.g., for load balancing between servers, or for
integration with legacy systems that use Cookies. For these
reasons, the Profile limits the ways in which Cookies can be
used, without completely disallowing them.
R1120
An INSTANCE MAY use the HTTP state mechanism ("Cookies").
R1122
An INSTANCE using Cookies SHOULD conform to RFC2965.
R1121
An INSTANCE SHOULD NOT require consumer support for Cookies in order to function correctly.
R1123
The value of the cookie MUST be considered to be
opaque by the CONSUMER.
The Profile recommends that cookies not be required by instances for proper operation; they should be a hint, to be used
for optimization, without materially affecting the execution of the Web service. However, they may be required in legacy
integration and other exceptional use cases, so requiring them does not make an instance non-conformant. While Cookies
thus may have meaning to the instance, they should not be used as an out-of-bound data channel between the instance
and the consumer. Therefore, interpretation of Cookies is not allowed at all by the consumer - it is required to treat
them as opaque (i.e., have no meaning to the consumer).
3.6.9 Use of Non-Anoymous Reponse EPR in a Request-Response Operation
WS-Addressing response EPR (wsa:FaultTo and wsa:ReplyTo) values affect how and where the response message is sent in a Request-Response WSDL transmission primitive. Specifically:
- when the response EPR has an anonymous value for the
wsa:Address property, the response is sent in the entity body of the HTTP response message, as specified in SOAP 1.1 Section 6.
- when the response EPR has a non-anonymous value for the
wsa:Address property:
- MustUnderstand and VersionMismatch faults "when sent", are included in the entity body of the HTTP response message, as specified in SOAP 1.1 Section 6 and 4.1.2.
- All other response messages are sent in a separate HTTP connection to the destination specified by the appropriate (
wsa:FaultTo for faults and wsa:ReplyTo for non-fault messages) response EPR. Both the HTTP connections, for the request message and response message as described by the WSDL Request-Response operation, use the SOAP 1.1 Request Optional Response HTTP binding. The request message and the response message, as described by the WSDL Request-Response operation, are sent in the entity-body of the HTTP request in two separate connections.
R1150
If an INSTANCE sends a MustUnderstand or VersionMismatch fault generated as a result of an invocation of a Request-Response WSDL operation, it MUST send that fault in the entity body of HTTP response using the same HTTP connection as the request message of that operation.
R1151
If an INSTANCE sends a response which is neither a MustUnderstand nor VersionMismatch fault as a result of an invocation of a Request-Response WSDL operation and the response EPR has a non-anonymous wsa:Address value, then the response MUST be sent in the entity body of an HTTP request in a separate HTTP connection specified by the response EPR using the SOAP 1.1 Request Optional Response HTTP binding.
4. Service Description
The Profile uses Web Services Description Language (WSDL) to enable the description of services
as sets of endpoints operating on messages.
This section of the Profile incorporates the following
specifications by reference, and defines extensibility points within
them:
-
Extensible Markup Language (XML) 1.0 (Fourth Edition)
-
Namespaces in XML 1.0 (Second Edition)
-
XML Schema Part 1: Structures
Extensibility points:
-
E0017 - Schema annotations - XML Schema allows for annotations, which may be used to convey additional information about data structures.
-
XML Schema Part 2: Datatypes
-
Web Services Description Language (WSDL) 1.1
Extensibility points:
-
E0013 - WSDL extensions - WSDL allows extension elements and attributes in certain places, including the use and specification of alternate protocol binding extensions; use of such extensions requires out-of-band negotiation.
-
E0014 - Validation mode - whether the parser used to read WSDL and XML Schema documents performs DTD validation or not.
-
E0015 - Fetching of external resources - whether the parser used to read WSDL and XML Schema documents fetches external entities and DTDs.
-
E0016 - Relative URIs - WSDL does not adequately specify the use of relative URIs for the following: soapbind:body/@namespace, soapbind:address/@location, wsdl:import/@location, xsd:schema/@targetNamespace and xsd:import/@schemaLocation. Their use may require further coordination; see XML Base for more information.
4.1 Required Description
An instance of a Web service is required to
make the contract that it operates under available in some
fashion.
R0001
Either an INSTANCE's WSDL 1.1 description,
its UDDI binding template, or both MUST be available to an
authorized consumer upon request.
This means that if
an authorized consumer requests a service description of a
conformant service instance, then the service instance
provider must make the WSDL document, the UDDI binding
template, or both available to that consumer. A service
instance may provide run-time access to WSDL documents
from a server, but is not required to do so in order to be
considered conformant. Similarly, a service instance
provider may register the instance provider in a UDDI
registry, but is not required to do so to be considered
conformant. In all of these scenarios, the WSDL contract
must exist, but might be made available through a variety
of mechanisms, depending on the
circumstances.
4.2 Document Structure
This section of the Profile incorporates the following
specifications by reference:
WSDL 1.1 defines an XML-based structure for describing Web services. The Profile
mandates the use of that structure, and places the following constraints on its use:
4.2.1 WSDL Schema Definitions
The normative schemas for WSDL appearing in Appendix 4 of the WSDL 1.1 specification have inconsistencies with the normative text of the specification. The Profile references new schema documents that have incorporated fixes for known errors.
R2028
A DESCRIPTION using the WSDL namespace (prefixed "wsdl" in this Profile) MUST be valid according to the XML Schema found at "http://ws-i.org/profiles/basic/1.1/wsdl-2004-08-24.xsd".
R2029
A DESCRIPTION using the WSDL SOAP binding namespace (prefixed "soapbind" in this Profile) MUST be valid according to the XML Schema found at "http://ws-i.org/profiles/basic/1.1/wsdlsoap-2004-08-24.xsd".
Although the Profile requires WSDL descriptions to be Schema valid, it does not require consumers to validate WSDL documents.
It is the responsibility of a WSDL document's author to assure that it is Schema valid.
4.2.2 WSDL and Schema Import
Some examples in WSDL 1.1 incorrectly show the WSDL import statement being
used to import XML Schema definitions. The Profile clarifies use of the import mechanisms
to keep them consistent and confined to their respective domains. Imported schema documents are
also constrained by XML version and encoding requirements consistent to those of the importing
WSDL documents.
R2001
A DESCRIPTION MUST only use the WSDL "import" statement to import another WSDL description.
R2803
In a DESCRIPTION, the namespace attribute of the wsdl:import MUST NOT be a relative URI.
R2002
To import XML Schema Definitions, a DESCRIPTION MUST use the XML Schema "import" statement.
R2003
A DESCRIPTION MUST use the XML Schema "import" statement only within the xsd:schema
element of the types section.
R2004
In a DESCRIPTION the schemaLocation attribute of an xsd:import element MUST NOT resolve to any document whose
root element is not "schema" from the namespace "http://www.w3.org/2001/XMLSchema".
R2009
An XML Schema directly or indirectly imported by a DESCRIPTION MAY include the
Unicode Byte Order Mark (BOM).
R2010
An XML Schema directly or indirectly imported by a DESCRIPTION MUST use either
UTF-8 or UTF-16 encoding.
R2011
An XML Schema directly or indirectly imported by a DESCRIPTION MUST use version
1.0 of the eXtensible Markup Language W3C Recommendation.
For example,
INCORRECT:
<definitions name="StockQuote"
targetNamespace="http://example.com/stockquote/definitions"
xmlns:xsd1="http://example.com/stockquote/schemas"
...
xmlns="http://schemas.xmlsoap.org/wsdl/">
<import namespace="http://example.com/stockquote/schemas"
location="http://example.com/stockquote/stockquote.xsd"/>
<message name="GetLastTradePriceInput">
<part name="body" element="xsd1:TradePriceRequest"/>
</message>
...
</definitions>
CORRECT:
<definitions name="StockQuote"
targetNamespace="http://example.com/stockquote/definitions"
...
xmlns="http://schemas.xmlsoap.org/wsdl/">
<import namespace="http://example.com/stockquote/definitions"
location="http://example.com/stockquote/stockquote.wsdl"/>
<message name="GetLastTradePriceInput">
<part name="body" element="..."/>
</message>
...
</definitions>
CORRECT:
<definitions name="StockQuote"
targetNamespace="http://example.com/stockquote/"
xmlns:xsd1="http://example.com/stockquote/schemas"
...
xmlns="http://schemas.xmlsoap.org/wsdl/">
<import namespace="http://example.com/stockquote/definitions"
location="http://example.com/stockquote/stockquote.wsdl"/>
<message name="GetLastTradePriceInput">
<part name="body" element="xsd1:TradePriceRequest"/>
</message>
...
</definitions>
4.2.3 WSDL Import location Attribute Structure
WSDL 1.1 is not clear about whether the location attribute of the
wsdl:import statement is required, or what its content is required to be.
R2007
A DESCRIPTION MUST specify a non-empty location attribute on the
wsdl:import element.
Although the wsdl:import statement is modeled after the
xsd:import statement, the location attribute is required by
wsdl:import while the corresponding attribute on xsd:import,
schemaLocation is optional. Consistent with location being
required, its content is not intended to be empty.
4.2.4 WSDL Import location Attribute Semantics
WSDL 1.1 is unclear about whether WSDL processors must actually retrieve and process the
WSDL document from the URI specified in the location attribute on the wsdl:import
statements it encounters.
R2008
A CONSUMER MAY, but need not, retrieve a WSDL description from the URI specified in the location attribute on a wsdl:import element.
C
The value of the location attribute of a wsdl:import element is a hint. A WSDL processor may have other ways of locating a WSDL description for a given namespace.
4.2.5 Placement of WSDL import Elements
Example 3 in WSDL 1.1 Section 3.1 causes confusion regarding the placement of
wsdl:import.
R2022
When they appear in a DESCRIPTION,
wsdl:import elements MUST precede all other elements from the WSDL
namespace except wsdl:documentation.
R2023
When they appear in a DESCRIPTION,
wsdl:types elements MUST precede all other elements from the WSDL
namespace except wsdl:documentation and wsdl:import.
For example,
INCORRECT:
<definitions name="StockQuote"
...
xmlns="http://schemas.xmlsoap.org/wsdl/">
<import namespace="http://example.com/stockquote/definitions"
location="http://example.com/stockquote/stockquote.wsdl"/>
<message name="GetLastTradePriceInput">
<part name="body" type="tns:TradePriceRequest"/>
</message>
...
<service name="StockQuoteService">
<port name="StockQuotePort" binding="tns:StockQuoteSoap">
....
</port>
</service>
<types>
<schema targetNamespace="http://example.com/stockquote/schemas"
xmlns="http://www.w3.org/2001/XMLSchema">
.......
</schema>
</types>
</definitions>
CORRECT:
<definitions name="StockQuote"
targetNamespace="http://example.com/stockquote/definitions">
<import namespace="http://example.com/stockquote/base"
location="http://example.com/stockquote/stockquote.wsdl"/>
<message name="GetLastTradePriceInput">
<part name="body" element="..."/>
</message>
...
</definitions>
CORRECT:
<definitions name="StockQuote"
...
xmlns="http://schemas.xmlsoap.org/wsdl/">
<types>
<schema targetNamespace="http://example.com/stockquote/schemas"
xmlns="http://www.w3.org/2001/XMLSchema">
.......
</schema>
</types>
<message name="GetLastTradePriceInput">
<part name="body" element="tns:TradePriceRequest"/>
</message>
...
<service name="StockQuoteService">
<port name="StockQuotePort" binding="tns:StockQuoteSoap">
....
</port>
</service>
</definitions>
4.2.6 XML Version Requirements
Neither WSDL 1.1 nor XML Schema 1.0 mandate a particular version of XML. For interoperability, WSDL documents and the schemas they import expressed in XML must use version 1.0.
R4004
A DESCRIPTION MUST use version 1.0 of the eXtensible Markup Language W3C Recommendation.
4.2.7 XML Namespace Declarations
Although published errata NE05 (see http://www.w3.org/XML/xml-names-19990114-errata) allows this namespace declaration to appear, some older processors considered such a declaration to be an error. This requirement ensures that conformant artifacts have the broadest interoperability possible.
