WS-I

Basic Profile Version 2.0

Final Material

2010-11-09

This version:
http://www.ws-i.org/Profiles/BasicProfile-2.0-2010-11-09.html
Latest version:
http://www.ws-i.org/Profiles/BasicProfile-2.0.html
Errata for this Version:
http://www.ws-i.org/Profiles/BasicProfile-2.0-errata-2010-11-09.html
Editors:
Robert Chumbley , IBM
Jacques Durand , Fujitsu
Gilbert Pilz , Oracle
Tom Rutt , Fujitsu
Administrative contact:
secretary@ws-i.org

Abstract

This document defines the WS-I Basic Profile 2.0, consisting of a set of non-proprietary Web services specifications, along with clarifications, refinements, interpretations and amplifications of those specifications which promote interoperability. It also contains a set of executable test assertions for assessing the conformance to the profile.

Status of this Document

This is a final specification. Please refer to the errata, which may include normative corrections to it.

Notice

The material contained herein is not a license, either expressly or impliedly, to any intellectual property owned or controlled by any of the authors or developers of this material or WS-I. The material contained herein is provided on an "AS IS" basis and to the maximum extent permitted by applicable law, this material is provided AS IS AND WITH ALL FAULTS, and the authors and developers of this material and WS-I hereby disclaim all other warranties and conditions, either express, implied or statutory, including, but not limited to, any (if any) implied warranties, duties or conditions of merchantability, of fitness for a particular purpose, of accuracy or completeness of responses, of results, of workmanlike effort, of lack of viruses, and of lack of negligence. ALSO, THERE IS NO WARRANTY OR CONDITION OF TITLE, QUIET ENJOYMENT, QUIET POSSESSION, CORRESPONDENCE TO DESCRIPTION OR NON-INFRINGEMENT WITH REGARD TO THIS MATERIAL.

IN NO EVENT WILL ANY AUTHOR OR DEVELOPER OF THIS MATERIAL OR WS-I BE LIABLE TO ANY OTHER PARTY FOR THE COST OF PROCURING SUBSTITUTE GOODS OR SERVICES, LOST PROFITS, LOSS OF USE, LOSS OF DATA, OR ANY INCIDENTAL, CONSEQUENTIAL, DIRECT, INDIRECT, OR SPECIAL DAMAGES WHETHER UNDER CONTRACT, TORT, WARRANTY, OR OTHERWISE, ARISING IN ANY WAY OUT OF THIS OR ANY OTHER AGREEMENT RELATING TO THIS MATERIAL, WHETHER OR NOT SUCH PARTY HAD ADVANCE NOTICE OF THE POSSIBILITY OF SUCH DAMAGES.

Feedback

If there are areas in this specification that could be clearer, or if errors or omissions are identified, WS-I would like to be notified in order to provide the best possible interoperability guidance.

By sending email, or otherwise communicating with WS-I, you (on behalf of yourself if you are an individual, and your company if you are providing Feedback on behalf of the company) will be deemed to have granted to WS-I, the members of WS-I, and other parties that have access to your Feedback, a non-exclusive, non-transferable, worldwide, perpetual, irrevocable, royalty-free license to use, disclose, copy, license, modify, sublicense or otherwise distribute and exploit in any manner whatsoever the Feedback you provide regarding the work. You acknowledge that you have no expectation of confidentiality with respect to any Feedback you provide. You represent and warrant that you have rights to provide this Feedback, and if you are providing Feedback on behalf of a company, you represent and warrant that you have the rights to provide Feedback on behalf of your company. You also acknowledge that WS-I is not required to review, discuss, use, consider or in any way incorporate your Feedback into future versions of its work. If WS-I does incorporate some or all of your Feedback in a future version of the work, it may, but is not obligated to include your name (or, if you are identified as acting on behalf of your company, the name of your company) on a list of contributors to the work. If the foregoing is not acceptable to you and any company on whose behalf you are acting, please do not provide any Feedback.

Feedback on this document should be directed to wsi_wsbasic_comment@mp.ws-i.org.


Table of Contents

1. Introduction
1.1. Guiding Principles
1.2. Relationships to Other Profiles
1.2.1. Compatibility with Basic Profile 1.1
1.2.2. Relationship to Basic Profile 1.2
1.3. Test Assertions
1.4. Notational Conventions
1.5. Profile Identification and Versioning
2. Profile Conformance
2.1. Conformance Requirements
2.2. Conformance Targets
2.3. Conformance Scope
2.4. Claiming Conformance
3. Messaging
3.1. Message Serialization
3.1.1. XML Envelope Serialization
3.1.2. Unicode BOMs
3.1.3. XML Declarations
3.1.4. Character Encodings
3.1.5. XOP Encoded Messages
3.2. SOAP Envelopes
3.2.1. SOAP Envelope Structure
3.2.2. SOAP Body Namespace Qualification
3.2.3. Disallowed Constructs
3.2.4. xsi:type Attributes
3.2.5. SOAP 1.2 attributes on SOAP 1.2 elements
3.3. SOAP Processing Model
3.3.1. SOAP Fault Processing
3.4. SOAP Faults
3.4.1. Identifying SOAP Faults
3.5. Use of SOAP in HTTP
3.5.1. HTTP Protocol Binding
3.5.2. Parameters on the Content-Type MIME Header
3.5.3. HTTP Success Status Codes
3.5.4. HTTP Redirect Status Codes
3.5.5. HTTP Cookies
3.5.6. Non-Addressable Consumers and Instances
3.6. Use of URIs in SOAP
3.6.1. Use of SOAP-defined URIs
3.7. WS-Addressing Support
3.7.1. Requiring WS-Addressing SOAP Headers
3.7.2. NotUnderstood block in MustUnderstand Fault on WS-Addressing SOAP Headers
3.7.3. Use of wsa:Action and WS-Addressing 1.0 - Metadata
3.7.4. Valid Values for action Parameter on the Content-Type MIME header When WS-Addressing is Used
3.7.5. SOAP Defined Faults Action URI
3.7.6. Understanding WS-Addressing SOAP Header Blocks
3.7.7. Ignored or Absent WS-Addressing Headers
3.7.8. Present and Understood WS-Addressing Headers
3.7.9. SOAP MustUnderstand or VersionMismatch fault Transmission
3.7.10. Faulting Behavior with Present and Understood WS-Addressing Headers
3.7.11. [message id] and One-Way Operations
3.7.12. Refusal to Honor WS-Addressing Headers
3.7.13. Use of Non-Anonymous Response EPRs
3.7.14. Optionality of the wsa:To header
3.7.15. Extending WSDL Endpoints with an EPR
3.7.16. Combining Synchronous and Asynchronous Operations
3.7.17. Conflicting Addressing Policies
4. Service Description
4.1. Required Description
4.2. Document Structure
4.2.1. WSDL Import location Attribute Structure
4.2.2. WSDL Import location Attribute Semantics
4.2.3. XML Version Requirements
4.2.4. XML Namespace Declarations
4.2.5. WSDL and the Unicode BOM
4.2.6. Acceptable WSDL Character Encodings
4.2.7. Namespace Coercion
4.2.8. WSDL Extensions
4.3. Types
4.3.1. QName References
4.3.2. Schema targetNamespace Structure
4.3.3. soapenc:Array
4.3.4. WSDL and Schema Definition Target Namespaces
4.3.5. Multiple GED Definitions with the same QName
4.3.6. Multiple Type Definitions with the same QName
4.4. Messages
4.4.1. Bindings and Parts
4.4.2. Bindings and Faults
4.4.3. Unbound portType Element Contents
4.5. Port Types
4.5.1. Ordering of part Elements
4.5.2. Allowed Operations
4.5.3. Distinctive Operations
4.5.4. parameterOrder Attribute Construction
4.5.5. Exclusivity of type and element Attributes
4.6. Bindings
4.6.1. Use of SOAP Binding
4.7. SOAP Binding
4.7.1. HTTP Transport
4.7.2. Consistency of style Attribute
4.7.3. Encodings and the use Attribute
4.7.4. Multiple Bindings for portType Elements
4.7.5. Operation Signatures
4.7.6. Multiple Ports on an Endpoint
4.7.7. Child Element for Document-Literal Bindings
4.7.8. One-Way Operations
4.7.9. Namespaces for wsoap12 Elements
4.7.10. Consistency of portType and binding Elements
4.7.11. Enumeration of Faults
4.7.12. Consistency of Envelopes with Descriptions
4.7.13. Response Wrappers
4.7.14. Part Accessors
4.7.15. Namespaces for Children of Part Accessors
4.7.16. Required Headers
4.7.17. Allowing Undescribed Headers
4.7.18. Ordering Headers
4.7.19. Describing action Parameter on the Content-Type MIME Header
4.7.20. SOAPAction HTTP Header
4.7.21. SOAP Binding Extensions
4.8. Use of @soapActionRequired in WSDL 1.1 SOAP 1.2 Binding
4.9. Use of XML Schema
4.10. WS-Addressing 1.0 - Metadata
5. WSDL Corrections
5.1. Document Structure
5.1.1. WSDL Schema Definitions
5.1.2. WSDL and Schema Import
5.1.3. Placement of WSDL import Elements
5.1.4. WSDL documentation Element
5.2. Message
5.2.1. Declaration of part Elements
5.3. SOAP Binding
5.3.1. Specifying the transport Attribute
5.3.2. SOAP 1.2 Binding Extension
5.3.3. Type and Name of SOAP Binding Elements
5.3.4. name Attribute on Faults
5.3.5. Omission of the use Attribute
5.3.6. Default for use Attribute
6. Service Publication and Discovery
6.1. bindingTemplates
6.2. tModels
7. Security
7.1. Use of HTTPS
Appendix A: Referenced Specifications
Appendix B: Extensibility Points
Appendix C: Normative References
Appendix D: Defined Terms
Appendix E: Acknowledgements
Appendix F: Schemas

1. Introduction

This document defines the WS-I Basic Profile 2.0 (hereafter, "Profile"), consisting of a set of non-proprietary Web services specifications, along with clarifications, refinements, interpretations and amplifications of those specifications which promote interoperability.

Section 1 introduces the Profile, and explains its relationships to other profiles.

Section 2, "Profile Conformance," explains what it means to be conformant to the Profile.

Each subsequent section addresses a component of the Profile, and consists of two parts; an overview detailing the component specifications and their extensibility points, followed by subsections that address individual parts of the component specifications. Note that there is no relationship between the section numbers in this document and those in the referenced specifications.

1.1 Guiding Principles

The Profile was developed according to a set of principles that, together, form the philosophy of the Profile, as it relates to bringing about interoperability. This section documents these guidelines.

No guarantee of interoperability
It is impossible to completely guarantee the interoperability of a particular service. However, the Profile does address the most common problems that implementation experience has revealed to date.
Application semantics
Although communication of application semantics can be facilitated by the technologies that comprise the Profile, assuring the common understanding of those semantics is not addressed by it.
Testability
When possible, the Profile makes statements that are testable. However, requirements do not need to be testable to be included in the Profile. Preferably, testing is achieved in a non-intrusive manner (e.g., by examining artifacts "on the wire").
Strength of requirements
The Profile makes strong requirements (e.g., MUST, MUST NOT) wherever feasible; if there are legitimate cases where such a requirement cannot be met, conditional requirements (e.g., SHOULD, SHOULD NOT) are used. Optional and conditional requirements introduce ambiguity and mismatches between implementations.
Restriction vs. relaxation
When amplifying the requirements of referenced specifications, the Profile may restrict them, but does not relax them (e.g., change a MUST to a MAY).
Multiple mechanisms
If a referenced specification allows multiple mechanisms to be used interchangeably, the Profile selects those that are well-understood, widely implemented and useful. Extraneous or underspecified mechanisms and extensions introduce complexity and therefore reduce interoperability.
Future compatibility
When possible, the Profile aligns its requirements with in-progress revisions to the specifications it references. This aids implementers by enabling a graceful transition, and assures that WS-I does not 'fork' from these efforts. When the Profile cannot address an issue in a specification it references, this information is communicated to the appropriate body to assure its consideration.
Compatibility with deployed services
Backwards compatibility with deployed Web services is not a goal for the Profile, but due consideration is given to it; the Profile does not introduce a change to the requirements of a referenced specification unless doing so addresses specific interoperability issues.
Focus on interoperability
Although there are potentially a number of inconsistencies and design flaws in the referenced specifications, the Profile only addresses those that affect interoperability.
Conformance targets
Where possible, the Profile places requirements on artifacts (e.g., WSDL descriptions, SOAP messages) rather than the producing or consuming software's behaviors or roles. Artifacts are concrete, making them easier to verify and therefore making conformance easier to understand and less error-prone.
Lower-layer interoperability
The Profile speaks to interoperability at the application layer; it assumes that interoperability of lower-layer protocols (e.g., TCP, IP, Ethernet) is adequate and well-understood. Similarly, statements about application-layer substrate protocols (e.g., SSL/TLS, HTTP) are only made when there is an issue affecting Web services specifically; WS-I does not attempt to assure the interoperability of these protocols as a whole. This assures that WS-I's expertise in and focus on Web services standards is used effectively.

1.2 Relationships to Other Profiles

This Profile is derived from the Basic Profile 1.1 (BP 1.1) by incorporating any errata to date and including those requirements related to the serialization of envelopes and their representation in messages from the Simple SOAP Binding Profile 1.0 .

This Profile is NOT intended to be composed with the Simple SOAP Binding Profile 1.0. The Attachments Profile 1.0 adds support for SOAP with Attachments, and is intended to be used in combination with this Profile.

1.2.1 Compatibility with Basic Profile 1.1

This Profile (BP 2.0) is the first version of the WS-I Basic Profile that changes the version of SOAP in the profile scope from SOAP 1.1 to the W3C SOAP 1.2 Recommendation . As such, BP 1.1 conformant messages are inherently incompatible with those conformant with BP 2.0, while receivers and instances processing these messages may or may not support these two versions of the Basic Profile.

1.2.2 Relationship to Basic Profile 1.2

Similarly to this Profile, Basic Profile 1.2 (BP 1.2) is derived from Basic Profile 1.1 . Unlike this Profile, the version of SOAP in scope for BP 1.2 is, like BP 1.1, SOAP 1.1 . To the extent possible, this Profile and BP 1.2 attempt to maintain a common set of requirement numbers, and common requirement and expository text. There are cases where the differences between SOAP 1.1 and SOAP 1.2 necessitate unique requirements and/or differing requirement and expository text. Therefore, some requirements and test assertions may present issues of forward or backward compatibility.

1.3 Test Assertions

This profile document contains embedded Test Assertions (TA) that are associated with each normative profile requirement. In the HTML rendering of this document, these test assertions are accessible via a toggle link at the end of each requirement. When clicking on such a link, a table pops up that displays the TA parts. At the end of this table is another toggle link ("help-glossary") that displays an explanation glossary for the TA structure. In other formats of this document, the test assertions are grouped in an appendix not controlled by any link, in order to facilitate the printing of hard copies. The resulting set of test assertions embedded in this document represents a conformance test suite for the profile.

Release notes related to the test material included in this document are available here:

TESTING-RELEASE-NOTES

1.4 Notational Conventions

The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC2119.

Normative statements of requirements in the Profile (i.e., those impacting conformance, as outlined in "Conformance Requirements") are presented in the following manner:

RnnnnStatement text here.

where "nnnn" is replaced by a number that is unique among the requirements in the Profile, thereby forming a unique requirement identifier.

Requirements can be considered to be namespace qualified, in such a way as to be compatible with QNames from Namespaces in XML. If there is no explicit namespace prefix on a requirement's identifier (e.g., "R9999" as opposed to "bp10:R9999"), it should be interpreted as being in the namespace identified for this Profile.

Extensibility points in underlying specifications (see "Conformance Scope") are presented in a similar manner:

EnnnnExtensibility Point Name - Description

where "nnnn" is replaced by a number that is unique among the extensibility points in the Profile. As with requirement statements, extensibility statements can be considered namespace-qualified.

This specification uses a number of namespace prefixes throughout; their associated URIs are listed below. Note that the choice of any namespace prefix is arbitrary and not semantically significant.

1.5 Profile Identification and Versioning

This document is identified by a name (in this case, Basic Profile) and a version number (here, 2.0). Together, they identify a particular profile instance.

Version numbers are composed of a major and minor portion, in the form "major.minor". They can be used to determine the precedence of a profile instance; a higher version number (considering both the major and minor components) indicates that an instance is more recent, and therefore supersedes earlier instances.

Instances of profiles with the same name (e.g., "Example Profile 1.1" and "Example Profile 5.0") address interoperability problems in the same general scope (although some developments may require the exact scope of a profile to change between instances).

One can also use this information to determine whether two instances of a profile are backwards-compatible; that is, whether one can assume that conformance to an earlier profile instance implies conformance to a later one. Profile instances with the same name and major version number (e.g., "Example Profile 1.0" and "Example Profile 1.1") MAY be considered compatible. Note that this does not imply anything about compatibility in the other direction; that is, one cannot assume that conformance with a later profile instance implies conformance to an earlier one.

2 Profile Conformance

Conformance to the Profile is defined by adherence to the set of requirements defined for a specific target, within the scope of the Profile. This section explains these terms and describes how conformance is defined and used.

2.1 Conformance Requirements

Requirements state the criteria for conformance to the Profile. They typically refer to an existing specification and embody refinements, amplifications, interpretations and clarifications to it in order to improve interoperability. All requirements in the Profile are considered normative, and those in the specifications it references that are in-scope (see "Conformance Scope") should likewise be considered normative. When requirements in the Profile and its referenced specifications contradict each other, the Profile's requirements take precedence for purposes of Profile conformance.

Requirement levels, using RFC2119 language (e.g., MUST, MAY, SHOULD) indicate the nature of the requirement and its impact on conformance. Each requirement is individually identified (e.g., R9999) for convenience.

For example;

R9999 Any WIDGET SHOULD be round in shape.

This requirement is identified by "R9999", applies to the target WIDGET (see below), and places a conditional requirement upon widgets.

Each requirement statement contains exactly one requirement level keyword (e.g., "MUST") and one conformance target keyword (e.g., "MESSAGE"). The conformance target keyword appears in bold text (e.g. "MESSAGE"). Other conformance targets appearing in non-bold text are being used strictly for their definition and NOT as a conformance target. Additional text may be included to illuminate a requirement or group of requirements (e.g., rationale and examples); however, prose surrounding requirement statements must not be considered in determining conformance.

Definitions of terms in the Profile are considered authoritative for the purposes of determining conformance.

2.2 Conformance Targets

Conformance targets identify what artifacts (e.g., SOAP message, WSDL description, UDDI registry data) or parties (e.g., SOAP processor, end user) requirements apply to.

This allows for the definition of conformance in different contexts, to assure unambiguous interpretation of the applicability of requirements, and to allow conformance testing of artifacts (e.g., SOAP messages and WSDL descriptions) and the behavior of various parties to a Web service (e.g., clients and service instances).

Requirements' conformance targets are physical artifacts wherever possible, to simplify testing and avoid ambiguity.

The following conformance targets are used in the Profile:

2.3 Conformance Scope

The scope of the Profile delineates the technologies that it addresses; in other words, the Profile only attempts to improve interoperability within its own scope. Generally, the Profile's scope is bounded by the specifications referenced by it.

The Profile's scope is further refined by extensibility points. Referenced specifications often provide extension mechanisms and unspecified or open-ended configuration parameters; when identified in the Profile as an extensibility point, such a mechanism or parameter is outside the scope of the Profile, and its use or non-use is not relevant to conformance.

Note that the Profile may still place requirements on the use of an extensibility point. Also, specific uses of extensibility points may be further restricted by other profiles, to improve interoperability when used in conjunction with the Profile.

Because the use of extensibility points may impair interoperability, their use should be negotiated or documented in some fashion by the parties to a Web service; for example, this could take the form of an out-of-band agreement.

The Profile's scope is defined by the referenced specifications in Appendix A, as refined by the extensibility points in Appendix B.

2.4 Claiming Conformance

Claims of conformance to the Profile can be made using either of the following mechanisms: 1) use of the Conformance Claim Attachment Mechanisms (see Section 2.4.1), or 2) use of the Web Services Policy - Framework [WS-Policy 1.5] and Web Services Policy - Attachment [WS-Policy Attachment 1.5] (see Section 2.4.2). Prior agreements between partners on how Profile conformance is to be advertised or required might exist. When no such prior agreement exists and there is a need to advertise, the use of WS-Policy is RECOMMENDED over the use of the Conformance Claim Attachment Mechanisms.

This Profile supports multiple conformance targets. Conformance targets are annotated in requirements as described in Section 2.2. The TAGs associated with each requirement in this Profile are partitioned into two major subsets: "CORE" (transport- independent) and "HTTP-TRANSPORT" (HTTP transport-specific). When the endpoint advertising conformance to this Profile is using HTTP, then all of the requirements of the Profile apply as specified in Section 2. When the endpoint advertising conformance to this Profile is using a transport other than HTTP, then only the requirements tagged with "CORE" apply.

2.4.1 Claiming Conformance using the Conformance Claim Attachment Mechanisms

Claims of conformance to this Profile can be made using the following Conformance Claim Attachment Mechanisms , when the applicable Profile requirements associated with the listed targets have been met:

The Basic Profile 2.0 conformance claim URI is:

http://ws-i.org/profiles/basic-profile/2.0/Conformant

When a web service instance is using HTTP, then all of the requirements of the Profile apply as specified in Section 2. When a transport other than HTTP is used, then only the requirements tagged with "CORE" apply.

2.4.2 Claiming Conformance using WS-Policy and WS-PolicyAttachment

Mechanisms described in Web Services Policy - Framework [WS-Policy 1.5] and Web Services Policy - Attachment [WS-Policy Attachment 1.5] specifications can be used to advertise conformance to this Profile. The Profile defines the following policy assertion for this purpose:

<bp20:Conformant xmlns:bp20="http://ws-i.org/profiles/basic-profile/2.0/"/>

A normative copy of the XML Schema for this assertion can be retrieved from the following address: http://ws-i.org/profiles/basic-profiles/2.0/bp20.xsd . A non-normative copy of the XML Schema is provided in Appendix F , for convenience.

The presence of this assertion indicates that the policy subject supports the requirements of this Profile in a manner that conforms to Basic Profile 2.0 (See Section 2). This assertion also requires that CONSUMERS MUST use the effected protocols in a way that conforms to Basic Profile 2.0. The absence of this assertion says nothing about Basic Profile 2.0 conformance; it simply indicates the lack of an affirmative declaration of and requirement for Basic Profile 2.0 conformance.

The bp20:Conformant policy assertion applies to the endpoint policy subject.

For WSDL 1.1, this assertion can be attached to a wsdl11:port or wsdl11:binding . A policy expression containing the bp20:Conformant policy assertion MUST NOT be attached to a wsdl:portType .

For example,

CORRECT:

<wsp:Policy xmlns:bp20="http://ws-i.org/profiles/basic-profile/2.0/"
            xmlns:wsp="http://www.w3.org/ns/ws-policy">
  <bp20:Conformant/>
</wsp:Policy>

The example above shows a policy expression that requires Basic Profile 2.0.

For example,

CORRECT:

<wsp:Policy xmlns:bp20="http://ws-i.org/profiles/basic-profile/2.0/"
            xmlns:wsp="http://www.w3.org/ns/ws-policy"
            xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
  <wsam:Addressing>
    <wsp:Policy/>
  </wsam:Addressing>
  <bp20:Conformant/>
</wsp:Policy>

The example above shows a policy expression that requires WS-Addressing and Basic Profile 2.0.

3. Messaging

This section of the Profile incorporates the following specifications by reference, and defines extensibility points within them:

These extensibility points are listed, along with any extensibility points from other sections of this Profile, in Appendix B

3.1 Message Serialization

This Profile is intended to compose with mechanisms to describe whether messages are encoded as SIMPLE_SOAP_MESSAGEs or XOP_ENCODED_MESSAGEs. As such it does not mandate that both of these encodings be supported for any given operation. Indeed, neither of these encodings need be supported if an alternate encoding such as that described in the Attachments Profile 1.0 is used.

SOAP 1.2 defines an XML structure for serializing messages, the envelope. This Profile places the following constraints on the use and serialization of the soap12:Envelope element and its content:

This Profile allows for the use of protocol bindings other than HTTP. Section 2.2 identifies the use of Simple SOAP and XOP encoded messages using HTTP. Section 3.1 identifies how encoding is handled for HTTP only. RFC 2616 and RFC3023 provide guidance for HTTP, supplemented by requirements throughout this profile. If another transport protocol is used, the responsibility for defining how to handle transport-specific features (e.g. content encoding) falls to the specification of the binding of SOAP to that transport protocol.

This section of the Profile incorporates the following specifications by reference:

3.1.1 XML Envelope Serialization

R9701 An ENVELOPE MUST be serialized as XML 1.0. CORE TESTABLE BP1019

3.1.2 Unicode BOMs

XML 1.0 allows UTF-8 encoding to include a BOM; therefore, receivers of envelopes must be prepared to accept them. The BOM is mandatory for XML encoded as UTF-16.

R4006 A RECEIVER MUST NOT fault due to the presence of a UTF-8 Unicode Byte Order Mark (BOM) in the SOAP envelope when the envelope is correctly encoded using UTF-8 and the "charset" parameter of the HTTP Content-Type header has a value of "utf-8" (see RFC3023). CORE TESTABLE_SCENARIO_DEPENDENT BP1306

R4007 A RECEIVER MUST NOT fault due to the presence of a UTF-16 Unicode Byte Order Mark (BOM) in the SOAP envelope when the envelope is correctly encoded using UTF-16 and the "charset" parameter of the HTTP Content-Type header has a value of "utf-16" (see RFC3023). CORE TESTABLE_SCENARIO_DEPENDENT BP1307

3.1.3 XML Declarations

Presence or absence of an XML declaration does not affect interoperability. Certain implementations might always precede their XML serialization with the XML declaration.

R1010 A RECEIVER MUST NOT fault due to the presence of an XML Declaration in the SOAP envelope (as specified by Section 2.8 of XML 1.0,"Prolog and Document Type Declaration"). CORE TESTABLE BP1015

3.1.4 Character Encodings

As a consequence of Section 4.3.3 of XML 1.0, "Character Encoding in Entities ", which requires XML processors to support both the UTF-8 and UTF-16 character encodings, this Profile mandates that RECEIVERs support both UTF-8 and UTF-16 character encodings.

To improve interoperability, the "charset" parameter of Content-Type HTTP header field must be used to determine the correct character encoding of the message.

As this Profile allows the use of protocol bindings other than HTTP, the transport is responsible for defining how encoding is handled as specified in Section 2.2 for Simple SOAP and XOP encoded messages using HTTP. This applies to this section and Section 3.1.5 .

R1012 An ENVELOPE MUST be serialized using either UTF-8 or UTF-16 character encoding. CORE TESTABLE BP1018

R1018 A SIMPLE_SOAP_MESSAGE MUST indicate the correct character encoding, using the "charset" parameter. CORE TESTABLE BP1018

R1019 A RECEIVER MUST ignore the encoding pseudo-attribute of the envelope's XML declaration. CORE TESTABLE_SCENARIO_DEPENDENT BP1306

3.1.5 XOP Encoded Messages

There exists some confusion among implementations about the proper encoding of the action parameter for XOP encoded messages. The multipart/related media type specification does not include an action parameter, though it does permit extensibility. Thus, the action parameter on the multipart/related Content-Type header has no defined semantic. The correct encoding is to include the action parameter inside the start-info parameter of the enclosing MIME multipart/related entity body as well as inside the type parameter of the root part. Nevertheless, existing SENDERs could emit an XOP message with the action parameter encoded as a separate parameter on the Content-Type header of the enclosing multipart/related MIME entity body. This Profile does not preclude a RECEIVER from accepting such a message.

See Section 3.1.4 for conformance criteria when using HTTP.

R1020 A XOP_ENCODED_MESSAGE MUST include the start-info parameter in the Content-Type header of the enclosing multipart/related MIME entity body. CORE TESTABLE BP1020

R1021 A XOP_ENCODED_MESSAGE MUST include the full value of the type parameter from the root entity body part inside the start-info parameter of the enclosing multipart/related MIME entity body part's Content-Type header. CORE TESTABLE BP1021

R1022 A RECEIVER MUST NOT fault due to the action parameter of an XOP encoded message being included with the value of the start-info parameter inside the Content-Type header of the enclosing multipart/related MIME entity body. CORE NOT_TESTABLE

For example,

INCORRECT:

MIME-Version: 1.0
Content-Type: Multipart/Related;boundary=MIME_boundary;
  type="application/xop+xml";
  start="<mymessage.xml@example.org>";
  start-info="application/soap+xml";
  action="ProcessData"

--MIME_boundary
Content-Type: application/xop+xml;
  charset=UTF-8;
  type="application/soap+xml; action=\"ProcessData\""
Content-Transfer-Encoding: 8bit
Content-ID: <mymessage.xml@example.org>
...

CORRECT:

MIME-Version: 1.0
Content-Type: Multipart/Related;boundary=MIME_boundary;
  type="application/xop+xml";
  start="<mymessage.xml@example.org>";
  start-info="application/soap+xml; action=\"ProcessData\""
Content-Description: A SOAP message with my pic and sig in it

--MIME_boundary
Content-Type: application/xop+xml;
  charset=UTF-8;
  type="application/soap+xml; action=\"ProcessData\""
Content-Transfer-Encoding: 8bit
Content-ID: <mymessage.xml@example.org>
...

3.2 SOAP Envelopes

SOAP 1.2, Section 5 , defines a structure for composing messages, the "SOAP Envelope". The Profile mandates the use of that structure, and places the following constraints on its use.

3.2.1 SOAP Envelope Structure

There are obvious interoperability problems if different implementations do not agree on the number of allowable children for the soap12:Body element.

R9980 An ENVELOPE MUST conform to the structure specified in SOAP Version 1.2 Part 1, Section 5, "SOAP Envelope" (subject to amendment by the Profile). CORE TESTABLE BP1600

R9981 An ENVELOPE MUST have exactly zero or one child elements of the soap12:Body element. CORE TESTABLE BP1881

See the requirements in Section 4.4.1 for the corresponding, requisite constraints on a DESCRIPTION.

3.2.2 SOAP Body Namespace Qualification

The use of unqualified element names may cause naming conflicts, therefore qualified names must be used for the children of soap12:Body .

R1014 The children of the soap12:Body element in an ENVELOPE MUST be namespace qualified. CORE TESTABLE BP1202

3.2.3 Disallowed Constructs

XML DTDs and PIs may introduce security vulnerabilities, processing overhead and semantic ambiguity when used in envelopes. As a result, certain XML constructs are disallowed by section 5 of SOAP 1.2.

Although published errata NE05 (see http://www.w3.org/XML/xml-names-19990114-errata ) allows the namespace declaration xmlns:xml="http://www.w3.org/XML/1998/namespace" to appear, some older processors considered such a declaration to be an error. These requirements ensure that conformant artifacts have the broadest interoperability possible.

R1008 An ENVELOPE MUST NOT contain a Document Type Declaration. CORE TESTABLE BP1007

R1009 An ENVELOPE MUST NOT contain Processing Instructions. CORE TESTABLE BP1208

R1033 An ENVELOPE MUST NOT contain the namespace declaration xmlns:xml="http://www.w3.org/XML/1998/namespace". CORE TESTABLE BP1033

3.2.4 xsi:type Attributes

In many cases, senders and receivers will share some form of type information related to the envelopes being exchanged.

R1017 A RECEIVER MUST NOT fault on the absence of the xsi:type attribute in envelopes, except in cases where this attribute is required to indicate a derived type (see XML Schema Part 1: Structures, Section 2.6.1). CORE NOT_TESTABLE

3.2.5 SOAP 1.2 attributes on SOAP 1.2 elements

R1032 The soap12:Envelope, soap12:Header, and soap12:Body elements in an ENVELOPE MUST NOT have attributes in the namespace "http://www.w3.org/2003/05/soap-envelope". CORE TESTABLE BP1032

3.3 SOAP Processing Model

SOAP 1.2, Section 2 defines a model for the processing of envelopes. In particular, it defines rules for the processing of header blocks and the envelope body. It also defines rules related to generation of faults. The Profile places the following constraints on the processing model:

3.3.1 SOAP Fault Processing

When a fault is generated, no further processing should be performed. In request-response exchanges, a fault message will be transmitted to the sender of the request, and some application level error will be flagged to the user.

Both SOAP and this Profile use the term 'generate' to denote the creation of a SOAP Fault. It is important to realize that generation of a Fault is distinct from its transmission, which in some cases is not required.

R1029 Where the normal outcome of processing a SOAP envelope would have resulted in the transmission of a SOAP response, but rather a fault is generated instead, the RECEIVER MUST NOT transmit the non-faulting response. CORE NOT_TESTABLE

Note that there may be valid reasons (such as security considerations) why a fault might not be transmitted.

3.4 SOAP Faults

3.4.1 Identifying SOAP Faults

Some consumer implementations erroneously use only the HTTP status code to determine the presence of a Fault. Because there are situations where the Web infrastructure changes the HTTP status code, and for general reliability, the Profile requires that they examine the envelope. A Fault is an envelope that has a single child element of the soap12:Body element, that element being the soap12:Fault element.

R1107 A RECEIVER MUST interpret a SOAP message as a Fault when the soap12:Body of the message has a single soap12:Fault child. CORE NOT_TESTABLE

3.5 Use of SOAP in HTTP

While SOAP itself is not transport specific, this Profile focuses on its use with HTTP and makes no requirements on the use of any other transport. Other profiles might be developed to focus on the particulars of other transports, but that is out of scope for this Profile. With respect to compliance to this Profile, any requirement that mentions the HTTP transport applies only when HTTP is being used. Any requirement that is not specific to HTTP (i.e. does not mention HTTP specifically) applies toward conformance regardless of the transport mechanism being used. For convenience, the HTTP transport-specific requirements have been identified and tagged as specified in Section 2.4 .

Section 7 of SOAP 1.2 Part 2 defines a single protocol binding, for HTTP/1.1 . The Profile makes use of that binding, and places the following constraints on its use:

For this section, the conformance criteria for the use of HTTP as a transport protocol are specified in Section 2.3 .

3.5.1 HTTP Protocol Binding

Several versions of HTTP are defined. HTTP/1.1 has performance advantages, and is more clearly specified than HTTP/1.0.

R1141 When HTTP is used as the transport, a MESSAGE MUST be sent using either HTTP/1.1 or HTTP/1.0. HTTP-TRANSPORT TESTABLE BP1002

R1140 When HTTP is used as the transport, a MESSAGE SHOULD be sent using HTTP/1.1. HTTP-TRANSPORT TESTABLE BP1001

Note that support for HTTP/1.0 is implied in HTTP/1.1, and that intermediaries may change the version of a message; for more information about HTTP versioning, see RFC2145, "Use and Interpretation of HTTP Version Numbers."

3.5.2 Parameters on the Content-Type MIME Header

R1109 If present, the values of the following parameters - type, start-info, action, and boundary - on the Content-Type MIME header field-value in a request MESSAGE MUST be a quoted string. HTTP-TRANSPORT TESTABLE BP1006

3.5.3 HTTP Success Status Codes

HTTP uses the 2xx series of status codes to communicate success. In particular, 200 is the default for successful messages, but 202 can be used to indicate that a message has been submitted for processing. Additionally, other 2xx status codes may be appropriate, depending on the nature of the HTTP interaction.

R1124 An INSTANCE MUST use a 2xx HTTP status code on a response message that indicates the successful outcome of a HTTP Request. HTTP-TRANSPORT NOT_TESTABLE

R1111 An INSTANCE SHOULD use a "200 OK" HTTP status code on a response message that contains an envelope that is not a fault. HTTP-TRANSPORT TESTABLE BP1100

R1112 An INSTANCE SHOULD use either a "200 OK" or "202 Accepted" HTTP status code for a response message that does not contain a SOAP envelope but indicates the successful outcome of a HTTP Request. HTTP-TRANSPORT TESTABLE BP1101

Despite the fact that the HTTP 1.1 assigns different meanings to response status codes "200" and "202", in the context of the Profile they should be considered equivalent by the initiator of the request. The Profile accepts both status codes because some SOAP implementations have little control over the HTTP protocol implementation and cannot control which of these response status codes is sent.

3.5.4 HTTP Redirect Status Codes

There are interoperability problems with using many of the HTTP redirect status codes, generally surrounding whether to use the original method, or GET. The Profile mandates "307 Temporary Redirect", which has the semantic of redirection with the same HTTP method, as the correct status code for redirection. For more information, see the 3xx status code descriptions in RFC2616.

R1130 An INSTANCE MUST use the "307 Temporary Redirect" HTTP status code when redirecting a request to a different endpoint. HTTP-TRANSPORT NOT_TESTABLE

RFC2616 notes that user-agents should not automatically redirect requests; however, this requirement was aimed at browsers, not automated processes (which many Web services will be). Therefore, the Profile allows, but does not require, consumers to automatically follow redirections.

3.5.5 HTTP Cookies

The HTTP State Management Mechanism ("Cookies") allows the creation of stateful sessions between Web browsers and servers. Because they are designed for hypertext browsing, Cookies do not have well-defined semantics for Web services, and, because they are external to the envelope, are not accommodated by either SOAP 1.2 or WSDL 1.1. This Profile limits the ways in which Cookies can be used, without completely disallowing them.

R1122 An INSTANCE using Cookies SHOULD conform to RFC2965. HTTP-TRANSPORT NOT_TESTED

R1121 An INSTANCE SHOULD NOT require consumer support for Cookies in order to function correctly. HTTP-TRANSPORT NOT_TESTED

The Profile recommends that cookies not be required by instances for proper operation; they should be a hint, to be used for optimization, without materially affecting the execution of the Web service.

3.5.6 Non-Addressable Consumers and Instances

Definition: non-addressable

A CONSUMER or INSTANCE is deemed "non-addressable" when, for whatever reason, it is either unwilling or unable to provide a network endpoint that is capable of accepting connections. This means that the CONSUMER or INSTANCE cannot service incoming HTTP connections and can only transmit HTTP Request messages and receive HTTP Response messages.

Non-addressable CONSUMERs and INSTANCEs, by their nature, cannot service incoming HTTP connections. Therefore any ENVELOPEs that they receive, either as requests (in the case of INSTANCEs) or responses (in the case of CONSUMERs), MUST, when HTTP is used, be carried in the entity-body of an HTTP Request message.

R1202 When a CONSUMER is non-addressable, a SOAP ENVELOPE, that is described by the output message of a WSDL operation supported by an INSTANCE, MUST be bound to a HTTP Response message. HTTP-TRANSPORT TESTABLE BP1126a BP1126b

R1203 When an INSTANCE is non-addressable, a SOAP ENVELOPE, that is described by the input message of a WSDL operation supported by the INSTANCE, MUST be bound to a HTTP Response message. HTTP-TRANSPORT TESTABLE

R1204 When an INSTANCE is non-addressable, a SOAP ENVELOPE, that is described by the output message of a WSDL operation supported by the INSTANCE, MUST be bound to a HTTP Request message. HTTP-TRANSPORT TESTABLE

Note that INSTANCEs can poll for requests from CONSUMERs using mechanisms such as those described in WS-MakeConnection .

3.6 Use of URIs in SOAP

This section of the Profile incorporates the following specifications by reference:

SOAP 1.2, Section 6 describes the use URIs as identifiers. For example, the role attribute value is a URI that identifies the SOAP node(s) to which a particular header block is targeted. To ensure interoperability it is important that SENDERs and RECEIVERs share a common understanding of how such URI values will be compared. The Profile places the following constraints on the use of such URI values:

3.6.1 Use of SOAP-defined URIs

A SOAP 1.2 defined URI, such as the role value "http://www.w3.org/2003/05/soap-envelope/role/next", is treated as follows:

R1160 A RECEIVER, for the purposes of comparison of URI values of information items defined by the SOAP 1.2 specification, MUST treat the computed absolute URI values as simple strings as defined in RFC3986 (see RFC3986, Section 6.2.1). CORE NOT_TESTABLE

3.7 WS-Addressing Support

WS-Addressing is a part of core Web services infrastructure. To facilitate interoperability and to provide a common baseline, this profile requires compliant clients and services to provide support for WS-Addressing Core, WS-Addressing SOAP Binding and WS-Addressing Metadata, as modified by this Profile.

Support for WS-Addressing by a specific "service" is optional. However, a service may require the use of WS-Addressing, in which case, for successful interaction with that service, a client will need to support it.

Note that two BP compliant web services instances may both support the use of WS- Addressing yet fail to agree on a common set of features necessary to interact with one another. For example, a RECEIVER may require the use of non-anonymous response EPRs (and advertise this via the wsam:NonAnonymousResponses nested policy assertion) yet a SENDER, for various reasons (e.g. the presence of NATs or firewalls), may only support the use of anonymous response EPRs.

3.7.1 Requiring WS-Addressing SOAP Headers

R1040 If an endpoint requires use of WS-Addressing by use of a wsam:Addressing policy assertion, an ENVELOPE sent by a SENDER MUST carry all required WS-Addressing SOAP headers. CORE TESTABLE BP1040a BP1040b BP1040c BP1142a BP1142b BP1142c BP1143a BP1143b BP1143c

3.7.2 NotUnderstood block in MustUnderstand Fault on WS-Addressing SOAP Headers

R1041 An ENVELOPE that is a MustUnderstand SOAP fault, sent from an endpoint that has a policy alternative containing the wsam:Addressing assertion attached to its WSDL endpoint subject, MUST NOT contain a NotUnderstood SOAP header block with the qname attribute value that identifies a WS-Addressing defined SOAP header block. CORE TESTABLE BP1041

3.7.3 Use of wsa:Action and WS-Addressing 1.0 - Metadata

WS-Addressing 1.0 - Metadata, Section 5.1 defines additional constraints on the cardinality of WS-Adressing Message Addressing Properties defined in WS-Addressing 1.0 - Core. These constraints are defined for every message involved in WSDL 1.1 transmission primitives. The Profile requires conformance to this section when WS-Addressing is used in conjunction with a WSDL 1.1 description.

R1142 An ENVELOPE that includes a wsa:Action SOAP header block and which is described using a WSDL 1.1 description MUST conform to WS-Addressing 1.0 - Metadata, Section 5.1. CORE TESTABLE BP1142a BP1142b BP1142c BP1143a BP1143b BP1143c

3.7.4 Valid Values for action Parameter on the Content-Type MIME header When WS-Addressing is Used

There could be some confusion with regards to the range of valid values for the action parameter on the Content-Type MIME header when WS-Addressing is used.

When composed with WS-Addressing, the value of the action parameter, if present, is limited to the absolute URI that matches the value specified for wsa:Action . The action parameter is optional and is therefore not required to be present on the header. This is useful, for example, when the value of wsa:Action is sensitive and is therefore encrypted.

R1144 When the wsa:Action SOAP header block is present in an envelope, the value of the action parameter, if present, on the Content-Type MIME header of the MESSAGE MUST be an absolute URI that has the same value as the value of the wsa:Action header. HTTP-TRANSPORT TESTABLE BP1144

3.7.5 SOAP Defined Faults Action URI

WS-Addressing provides the URI http://www.w3.org/2005/08/addressing/soap/fault for "SOAP defined faults". However, it only recommends, rather than mandates its use for the SOAP 1.2 defined MustUnderstand and VersionMismatch faults. This Profile mandates the use of the WS-Addressing defined wsa:Action value for SOAP 1.2 defined MustUnderstand and VersionMismatch faults, for interoperability.

R1035 An ENVELOPE MUST use the http://www.w3.org/2005/08/addressing/soap/fault URI as the value for the wsa:Action SOAP header element, when present, for either of the SOAP 1.2 defined VersionMismatch and MustUnderstand faults. CORE TESTABLE BP1035

3.7.6 Understanding WS-Addressing SOAP Header Blocks

WS-Addressing 1.0 - SOAP Binding defines multiple SOAP header blocks (wsa:To, wsa:From, wsa:ReplyTo, wsa:FaultTo, wsa:Action, wsa:MessageID, and wsa:RelatesTo). These SOAP header blocks are part of the same module. A SOAP node that conforms to the Profile understands and honors all of these SOAP header blocks (when it understands WS-Addressing) or none at all (when it does not understand WS-Addressing).

R1143 When a message contains multiple WS-Addressing SOAP header blocks with at least one of those header blocks containing a soap12:mustUnderstand='1' attribute, then a RECEIVER MUST honor all the WS-Addressing SOAP header blocks or none of them. CORE TESTABLE BP1043a BP1043b

3.7.7 Ignored or Absent WS-Addressing Headers

When WS-Addressing headers are present in a SOAP envelope, but do not contain a soap12:mustUnderstand="1" attribute, a RECEIVER may choose to ignore these SOAP headers (per R1143 ). Consistent with R1036 , valid reasons may exist why (not where) faults are not transmitted.

R1145 If a SOAP envelope does not contain any WS-Addressing header blocks, or contains WS-Addressing header blocks that do not include any soap12:mustUnderstand="1" attributes, and the RECEIVER chooses to ignore them, then any response (normal or fault) SHOULD be transmitted. If it is transmitted then it is transmitted on the HTTP Response message (if available). HTTP-TRANSPORT NOT_TESTED

3.7.8 Present and Understood WS-Addressing Headers

When any WS-Addressing header blocks are present in a SOAP envelope (where soap12:mustUnderstand="1" attributes exist or the header contents are understood), any non-faulting response will be transmitted to the endpoint referred to by the wsa:ReplyTo header. Should a fault be generated, it replaces the non-faulting response.

R1146 A RECEIVER MUST transmit non-faulting responses to the endpoint referred to by the wsa:ReplyTo header or generate a fault instead (per R1029). CORE TESTABLE BP1146

SOAP 1.2 allows a RECEIVER to ignore headers that it does not understand. This behavior is particularly relevant for WS-Addressing headers that affect message processing and routing. As an example, take the following message sent to a SOAP node that does not understand the "http://www.w3.org/2005/08/addressing" namespace:


<soap12:Envelope xmlns:soap12="http://www.w3.org/2003/05/soap-envelope"
                 xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <soap12:Header>
    <wsa:MessageID>uuid:8B82EA41-1485-13A6-5631527DC83F4168</wsa:MessageID>
    <wsa:Action>http://www.wstf.org/docs/scenarios/sc002/Echo</wsa:Action>
    <wsa:ReplyTo>
      <wsa:Address>http://server.foobie.com/NotifyEcho/asynchResp</wsa:Address>
    </wsa:ReplyTo>
    . . .
  </soap12:Header>
  <soap12:Body>
    . . .
  </soap12:Body>
</soap12:Envelope>

The SENDER expects the response to be sent "server.foobie.com". Yet, because it does not recognize the WS-Addressing 1.0 namespace, the RECEIVER will ignore the WS-Addressing headers as if WS-Addressing weren't engaged; consequently the SOAP response will be sent in the entity-body of the HTTP Response and may be missed by the SENDER.

Another example is where a message with an empty SOAP Body carries the semantic intent in its wsa:Action header.

In situations where the ability of the receiving node to understand WS-Addressing 1.0 headers is in doubt and the correct processing of the WS-Addressing is semantically significant (such as the two examples given), the SENDER is encouraged to add the soap12:mustUnderstand attribute with a value of "1" to the wsa:Action header. This prompts the RECEIVER to generate a MustUnderstand fault in cases where the WS-Addressing headers are not understood.

3.7.9 SOAP MustUnderstand or VersionMismatch fault Transmission

SOAP MustUnderstand and VersionMismatch faults are detected irrespective of the use of WS-Addressing headers. There may be valid reasons why (not where) faults are transmitted, e.g. security concerns or the HTTP Response connection is no longer available. In these cases the SENDER will not receive any SOAP envelope response.

R1036 Regardless of whether the wsa:ReplyTo or wsa:FaultTo SOAP headers appear in the incoming message, a RECEIVER that receives a SOAP envelope that generates either a SOAP MustUnderstand or VersionMismatch fault SHOULD transmit either fault. If it is transmitted, such a fault is transmitted on the HTTP Response message (if available). HTTP-TRANSPORT NOT_TESTED

3.7.10 Faulting Behavior with Present and Understood WS-Addressing Headers

When WS-Addressing headers are present in a SOAP envelope (where soap12:mustUnderstand="1" attributes exist or the header contents are understood), should a fault be generated, it will be transmitted to the endpoint referred to by the wsa:FaultTo header. WS-Addressing specifies expected behavior should the wsa:FaultTo header be absent.

R1147 If a fault is generated, the RECEIVER SHOULD transmit the fault (per R1029). CORE NOT_TESTED

R1161 Other than those faults specified in R1036, faults in R1147 SHOULD be transmitted by the RECEIVER as specified in WS-Addressing 1.0 - Core, Section 3.4. CORE TESTABLE

R1162 When the wsa:FaultTo SOAP header exists, the RECEIVER MUST NOT transmit faults to the endpoint referred to by the wsa:ReplyTo header. CORE TESTABLE

R1148 If an error occurs when transmitting the fault in R1147, a RECEIVER MAY choose to send a fault related to this transmission error on the HTTP Response (if available). HTTP-TRANSPORT NOT_TESTED

Note: To avoid a recursive situation, if a fault is generated while trying to transmit to the endpoint referred to by the wsa:ReplyTo header (R1146 ) and the wsa:FaultTo header is absent, R1147 does not apply.

3.7.11 [message id] and One-Way Operations

When sending a one-way message the SENDER could choose to ignore any possible response - for example, a fault. However, if the SENDER is interested in receiving those messages, the SENDER will need to include a [message id] property in the one-way message to ensure that the response can be successfully transmitted (see WS-Addressing 1.0 - Core, Section 3.4 ).

R1163 When applying the processing rules defined by WS-Addressing 1.0 - Core, Section 3.4, if a related message lacks a [message id] property, the RECEIVER MUST generate a wsa:MessageAddressingHeaderRequired fault. CORE TESTABLE

While the RECEIVER is under no obligation to transmit faults, including a [message id] property will provide the RECEIVER with sufficient information to generate a response if needed.

3.7.12 Refusal to Honor WS-Addressing Headers

There may be many reasons (e.g. security, unsupported wsa:Address values, ...) why a RECEIVER does not honor any WS-Addressing headers. In these cases and irrespective of where the condition occurs, when any WS-Addressing headers are present in a SOAP envelope (where soap12:mustUnderstand=1 attributes exist or the header contents are understood), the RECEIVER must generate a fault.

R1149 If a RECEIVER detects one of the error conditions specified in Section 6.4 of the Web Services Addressing 1.0 - SOAP Binding, it MUST generate a fault using the [Code], [Subcode], and [Subsubcode] listed for that particular error condition. CORE TESTABLE BP1149a BP1149b BP1149c BP1149d

3.7.13 Use of Non-Anonymous Response EPRs

The WS-Addressing [destination] URI of an outgoing message influences where this message will be sent. In the case of the outgoing response (normal or fault), if this URI is a non-anonymous URI then this message will be sent over a separate HTTP connection from one used to carry the request message.

R1152 If an INSTANCE attempts to send a message to a non-anonymous [destination] URI then the message MUST be transmitted in the entity-body of an HTTP Request. CORE TESTABLE BP1152a BP1152b BP1152c

3.7.14 Optionality of the wsa:To header

WS-Addressing 1.0 - Core and WS-Addressing 1.0 - Metadata are unclear about whether and when the wsa:To header element is required in a SOAP message. This Profile makes the following, clarifying requirement.

R1153 Except in cases in which an instance exposes a WSDL description and its endpoint includes a wsdl:port that has been extended with a wsa:EndpointReference, a RECEIVER MUST NOT fault a SOAP request message due to the absence of the wsa:To header. CORE TESTABLE BP1153a BP1153b

Although the wsa:To header is optional, as a matter of best practice implementations are encouraged to include this header (with a non-anonymous value) as its presence provides a greater degree of flexibility in handling certain situations; for example, when moving a service endpoint from one URI to another.

As per WS-Addressing 1.0 - Core, the [destination] message addressing property of a request message without a wsa:To header is "http://www.w3.org/2005/08/addressing/anonymous". Note that none of the WS-Addressing 1.0 specifications describes the semantics of sending a SOAP request message, over HTTP, either without a wsa:To header or with a wsa:To header with the value of "http://www.w3.org/2005/08/addressing/anonymous". To clarify, such a request is considered to be addressed to "the entity listening at the URI of the HTTP Request that contains this message". Sent over a connection to http://www.example.org, the following three example messages are consistent:

For example,

CORRECT:

POST /NotifyEcho/soap12service HTTP/1.1
Content-Type: text/xml;charset=UTF-8
...
<soap12:Envelope ...>
 <soap12:Header>
    <wsa:Action>http://www.wstf.org/sc002/Echo</wsa:Action>
 </soap12:Header>
 <soap12:Body>
   ...
 </soap12:Body>
</soap12:Envelope>

CORRECT:

POST /NotifyEcho/soap12service HTTP/1.1
Content-Type: text/xml;charset=UTF-8
...
<soap12:Envelope ...>
 <soap12:Header>
    <wsa:To>http://www.w3.org/2005/08/addressing/anonymous</wsa:To>
    <wsa:Action>http://www.wstf.org/sc002/Echo</wsa:Action>
 </soap12:Header>
 <soap12:Body>
   ...
 </soap12:Body>
</soap12:Envelope>

CORRECT:

POST /NotifyEcho/soap12service HTTP/1.1
Content-Type: text/xml;charset=UTF-8
...
<soap12:Envelope ...>
 <soap12:Header>
    <wsa:To>http://www.example.org/NotifyEcho/soap12service</wsa:To>
    <wsa:Action>http://www.wstf.org/sc002/Echo</wsa:Action>
 </soap12:Header>
 <soap12:Body>
   ...
 </soap12:Body>
</soap12:Envelope>

3.7.15 Extending WSDL Endpoints with an EPR

WS-Addressing 1.0 - Metadata is unclear about the relationship between the elements of a WSDL 1.1 description of an endpoint and the values of the addressing properties of a message sent to that endpoint. In particular, the value of the [destination] message addressing property needs to be clarified in order to insure interoperability between SENDER and RECEIVER. There are two cases to consider. The first case is where the wsdl:port has been extended with a wsa:EndpointReference as described by Section 4.1 of WS-Addressing 1.0 - Metadata. In this case the following requirement applies:

R1154 When sending a request message to an endpoint which is specified by a WSDL 1.1 description in which the wsdl:port element has been extended with a wsa:EndpointReference, if the wsa:Action SOAP header block is present, the SENDER MUST populate the wsa:To and reference parameter SOAP headers of that request message with the values of the wsa:Address and wsa:ReferenceParameters elements (respectively) of the extending endpoint reference. CORE TESTABLE

Note that, since [address] is a required property of an endpoint reference, extending a wsdl:port with a wsa:EndpointReference has the effect of populating the [destination] property of the outgoing message, thus mandating the inclusion of the wsa:To header.

The second case is where the wsdl:port has not been extended with a wsa:EndpointReference .

R1155 When sending a request message to an endpoint which is specified by a WSDL 1.1 description in which the wsdl:port element has not been extended with a wsa:EndpointReference, if the wsa:Action SOAP header block is present, the SENDER MAY populate the wsa:To SOAP header of that request message with the value of the location attribute of the wsoap12:address extension element. CORE TESTABLE

3.7.16 Combining Synchronous and Asynchronous Operations

WS-Addressing 1.0 - Metadata defines a policy assertion, wsam:Addressing , that is used to indicate whether WS-Addressing is supported or required. It is a nested policy container assertion and can contain additional restrictions (specifically the wsam:AnonymousResponses and wsam:NonAnonymousResponses policy assertions) on the value of the response endpoint EPRs in request messages. A top-level assertion without any nested assertions implies that both anonymous and non-anonymous are allowed. The WS-Addressing 1.0 - Metadata specification sets the scope of this assertion to be endpoint policy subject. However, with regards to the anonymous/non-anonymous restrictions, experience has shown that it is often desirable to have different policies for different operations on the same endpoint. For example, some of the operations of an endpoint may need to be synchronous while others may need to be asynchronous. It is worthwhile to indicate this difference in a WSDL description. In the absence of any guidance on the mechanism(s) for expressing such per-operation distinctions, individual implementations will create their own extensions for enabling this feature. To avoid the interoperability problems inherent in such an approach, the Profile defines the following extension to the behavior defined by WS-Addressing 1.0 Metadata.

WS-Addressing 1.0 Metadata allows policies containing the wsam:Addressing policy assertion to be attached to either a wsdl:port or a wsdl:binding . To these two options the Profile adds a third option which allows policies containing the wsam:Addressing policy assertion to be attached to wsdl:binding/wsdl:operation elements. When the wsam:Addressing policy assertion is attached to the wsdl:binding/wsdl:operation element, it applies to the operation policy subject. Nevertheless, it should always be the case that if one operation of an endpoint supports or requires WS-Addressing, then all operations of that endpoint must support or require WS-Addressing (although, potentially, with different restrictions). Furthermore, to simplify the calculation of the effective policy for each operation and decrease the possibility of creating conflicting policies, each operation within such an endpoint should affirmatively declare its policy with respect to WS-Addressing.

R1156 In a DESCRIPTION, a policy that contains the wsam:Addressing assertion MUST be attached to either a wsdl:port, a wsdl:binding or a wsdl:binding/wsdl:operation. CORE NOT_TESTABLE_XPATH

R1157 If a DESCRIPTION has a policy alternative containing the wsam:Addressing assertion attached to a wsdl:binding/wsdl:operation, then all of the wsdl:operations within that wsdl:binding MUST also have a policy alternative containing the wsam:Addressing assertion attached to them. CORE NOT_TESTABLE_XPATH

In addition to the above restrictions and as stated in R1158 , the effective policy alternatives for a given policy subject must not contain conflicting assertions.

For example,

INCORRECT:

<wsdl:binding name="sc009SOAP12Binding" type="tns:sc009PortType">
  <wsp:Policy>
    <wsam:Addressing>
      <wsp:Policy/>
    </wsam:Addressing>
  </wsp:Policy>
  ...
  <wsdl:operation name="CreatePO">
    <wsp:Policy>
      <wsam:Addressing>
        <wsp:Policy>
          <wsam:NonAnonymousResponses/>
        </wsp:Policy>
      </wsam:Addressing>
    </wsp:Policy>
    ...
  </wsdl:operation>

  <wsdl:operation name="GetPOStatus">
    ...
  </wsdl:operation>

  <wsdl:operation name="UpdatePO">
    <wsp:Policy>
      <wsam:Addressing>
        <wsp:Policy>
          <wsam:NonAnonymousResponses/>
        </wsp:Policy>
      </wsam:Addressing>
    </wsp:Policy>
    ...
  </wsdl:operation>

  <wsdl:operation name="CancelPO">
    ...
  </wsdl:operation>
</wsdl:binding>

<wsdl:service name="sc009Service">
  <wsdl:port name="soap12port" binding="tns:sc009SOAP12Binding">
    ...
  </wsdl:port>
</wsdl:service>

The above example is incorrect for two reasons. Firstly, it violates R1157 because the GetPOStatus and CancelPO operations do not have policies containing the wsam:Addressing assertion attached to them. Secondly, the effective policies for both the CreatePO and UpdatePO operations contain conflicting assertions (a wsam:Addressing assertion that is unconstrained with regards to anonymous/non-anonymous and a wsam:Addressing assertion that is constrained to just non-anonymous) within the same alternative.

For example,

INCORRECT:

<wsdl:binding name="sc009SOAP12Binding" type="tns:sc009PortType">
  ...
  <wsdl:operation name="CreatePO">
    <wsp:Policy>
      <wsam:Addressing>
        <wsp:Policy>
          <wsam:NonAnonymousResponses/>
        </wsp:Policy>
      </wsam:Addressing>
    </wsp:Policy>
    ...
  </wsdl:operation>

  <wsdl:operation name="GetPOStatus">
    <wsp:Policy>
      <wsam:Addressing>
        <wsp:Policy/>
      </wsam:Addressing>
    </wsp:Policy>
    ...
  </wsdl:operation>

  <wsdl:operation name="UpdatePO">
    <wsp:Policy>
      <wsam:Addressing>
        <wsp:Policy>
          <wsam:NonAnonymousResponses/>
        </wsp:Policy>
      </wsam:Addressing>
    </wsp:Policy>
    ...
  </wsdl:operation>

  <wsdl:operation name="CancelPO">
    <wsp:Policy>
      <wsam:Addressing>
        <wsp:Policy/>
      </wsam:Addressing>
    </wsp:Policy>
    ...
  </wsdl:operation>
</wsdl:binding>

<wsdl:service name="sc009Service">
  <wsdl:port name="soap12port" binding="tns:sc009SOAP12Binding">
    <wsp:Policy>
      <wsam:Addressing>
        <wsp:Policy/>
      </wsam:Addressing>
    </wsp:Policy>
    ...
  </wsdl:port>
</wsdl:service>

The above example is incorrect because the effective policies for both the CreatePO and UpdatePO operations contain conflicting assertions (a wsam:Addressing assertion that is unconstrained with regards to anonymous/non-anonymous and a wsam:Addressing assertion that is constrained to just non-anonymous) within the same alternative.

For example,

CORRECT:

<wsdl:binding name="sc009SOAP12Binding" type="tns:sc009PortType">
  ...
  <wsdl:operation name="CreatePO">
    <wsp:Policy>
      <wsam:Addressing>
        <wsp:Policy>
          <wsam:NonAnonymousResponses/>
        </wsp:Policy>
      </wsam:Addressing>
    </wsp:Policy>
    ...
  </wsdl:operation>

  <wsdl:operation name="GetPOStatus">
    <wsp:Policy>
      <wsam:Addressing>
        <wsp:Policy/>
      </wsam:Addressing>
    </wsp:Policy>
    ...
  </wsdl:operation>

  <wsdl:operation name="UpdatePO">
    <wsp:Policy>
      <wsam:Addressing>
        <wsp:Policy>
          <wsam:NonAnonymousResponses/>
        </wsp:Policy>
      </wsam:Addressing>
    </wsp:Policy>
    ...
  </wsdl:operation>

  <wsdl:operation name="CancelPO">
    <wsp:Policy>
      <wsam:Addressing>
        <wsp:Policy/>
      </wsam:Addressing>
    </wsp:Policy>
    ...
  </wsdl:operation>
</wsdl:binding>

<wsdl:service name="sc009Service">
  <wsdl:port name="soap12port" binding="tns:sc009SOAP12Binding">
    ...
  </wsdl:port>
</wsdl:service>

The above example is correct. All of the operations in the soap12port of the s009Service require WS-Addressing. While the response EPRs for GetPOStatus and CancelPO are unconstrained, the response EPRs for the CreatePO and UpdatePO operations must be non-anonymous.

3.7.17 Conflicting Addressing Policies

When used together, the wsam:AnonymousResponses and wsam:NonAnonymousResponses nested policy assertions could result in an effective policy that contradicts WS-Addressing 1.0 - Metadata (i.e. "request messages sent to this endpoint must use response endpoint EPRs that simultaneously do and do not contain the WS-Addressing anonymous URI"). The Profile restricts the use of the wsam:AnonymousResponses and wsam:NonAnonymousResponses nested policy assertions to avoid this situation.

R1158 In a DESCRIPTION the effective policy for a given endpoint MUST NOT contain both the wsam:AnonymousResponses and wsam:NonAnonymousResponses assertions within a single policy alternative. CORE NOT_TESTABLE_XPATH

4. Service Description

The Profile uses Web Services Description Language (WSDL) to enable the description of services as sets of endpoints operating on messages.

This section of the Profile incorporates the following specifications by reference, and defines extensibility points within them:

These extensibility points are listed, along with any extensibility points from other sections of this Profile, in Appendix B

4.1 Required Description

An instance of a Web service is required to make the contract that it operates under available in some fashion.

R0001 Either an INSTANCE's WSDL 1.1 description, its UDDI binding template, or both MUST be available to an authorized consumer upon request. CORE TESTABLE BP2703

This means that if an authorized consumer requests a service description of a conformant service instance, then the service instance provider must make the WSDL document, the UDDI binding template, or both available to that consumer. A service instance may provide run-time access to WSDL documents from a server, but is not required to do so in order to be considered conformant. Similarly, a service instance provider may register the instance provider in a UDDI registry, but is not required to do so to be considered conformant. In all of these scenarios, the WSDL contract must exist, but might be made available through a variety of mechanisms, depending on the circumstances.

4.2 Document Structure

WSDL 1.1, Section 2.1 defines the overall structure of an XML document for describing Web services. The Profile mandates the use of that structure, and places the following constraints on its use.

Note that Section 5.1, "Document Structure" , contains additional, corrective requirements on the structure of a WSDL 1.1 document.

4.2.1 WSDL Import location Attribute Structure

WSDL 1.1 is not clear about whether the location attribute of the wsdl:import statement is required, or what its content is required to be.

R2007 A DESCRIPTION MUST specify a non-empty location attribute on the wsdl:import element. CORE TESTABLE BP2098

Although the wsdl:import statement is modeled after the xsd:import statement, the location attribute is required by wsdl:import while the corresponding attribute on xsd:import , schemaLocation is optional. Consistent with location being required, its content is not intended to be empty.

4.2.2 WSDL Import location Attribute Semantics

WSDL 1.1 is unclear about whether WSDL processors must actually retrieve and process the WSDL document from the URI specified in the location attribute on the wsdl:import statements it encounters.

R2008 A CONSUMER MAY, but need not, retrieve a WSDL description from the URI specified in the location attribute on a wsdl:import element. CORE NOT_TESTED

The value of the location attribute of a wsdl:import element is a hint. A WSDL processor may have other ways of locating a WSDL description for a given namespace.

4.2.3 XML Version Requirements

Neither WSDL 1.1 nor XML Schema 1.0 mandate a particular version of XML. For interoperability, WSDL documents and the schemas they import expressed in XML must use version 1.0.

R4004 A DESCRIPTION MUST use version 1.0 of the eXtensible Markup Language W3C Recommendation. CORE NOT_TESTED

4.2.4 XML Namespace Declarations

Although published errata NE05 (see http://www.w3.org/XML/xml-names-19990114-errata) allows this namespace declaration to appear, some older processors considered such a declaration to be an error. This requirement ensures that conformant artifacts have the broadest interoperability possible.

R4005 A DESCRIPTION SHOULD NOT contain the namespace declaration xmlns:xml="http://www.w3.org/XML/1998/namespace". CORE TESTABLE BP2034

4.2.5 WSDL and the Unicode BOM

XML 1.0 allows documents that use the UTF-8 character encoding to include a BOM; therefore, description processors must be prepared to accept them.

R4002 A DESCRIPTION MAY include the Unicode Byte Order Mark (BOM). CORE NOT_TESTED

4.2.6 Acceptable WSDL Character Encodings

The Profile consistently requires either UTF-8 or UTF-16 encoding for both SOAP and WSDL.

R4003 A DESCRIPTION MUST use either UTF-8 or UTF-16 encoding. CORE TESTABLE BP2201

4.2.7 Namespace Coercion

Namespace coercion on wsdl:import is disallowed by the Profile.

R2005 The targetNamespace attribute on the wsdl:definitions element of a description that is being imported MUST have same the value as the namespace attribute on the wsdl:import element in the importing DESCRIPTION. CORE TESTABLE BP2104