Status of this Document
This section describes the status of this document at thetime of its publication. Other documents may supersede thisdocument. A list of current W3C publications and the latestrevision of this technical report can be found in the W3C technical reports index athttp://www.w3.org/TR/.
This is the Recommendationof the Web Services Addressing 1.0 - SOAP Binding specification. Ithas been produced by the Web Services Addressing WorkingGroup (WG), which is part of the W3C Web ServicesActivity.
This document has been reviewed by W3C Members, by softwaredevelopers, and by other W3C groups and interested parties, and isendorsed by the Director as a W3C Recommendation. It is a stabledocument and may be used as reference material or cited fromanother document. W3C's role in making the Recommendation is todraw attention to the specification and to promote its widespreaddeployment. This enhances the functionality and interoperability ofthe Web.
The Working Group made the following editorial changes to theProposed Recommendation in response to comments: normative andinformative references are now more clearly distinguished, and sometypographical errors were fixed. An implementationreport showing that the Candidate Recommendation exit criteriahave been met and exceeded is available, along with a test suite. Adiff-marked version against the previousversion of this document is available.
Please report errors in this document to the public public-ws-addressing-comments@w3.orgmailing list (publicarchive).
This document was produced by a group operating under the5February 2004 W3C Patent Policy. W3C maintains a public listof any patent disclosures made in connection with thedeliverables of the group; that page also includes instructions fordisclosing a patent. An individual who has actual knowledge of apatent which the individual believes contains Essential Claim(s) must disclose the information in accordancewith section 6 of the W3C Patent Policy.
1. Introduction
Web Services Addressing 1.0 - Core[WS-Addressing Core] defines a set ofabstract properties and an XML Infoset [XML Information Set] representationthereof to reference Web service endpoints and to facilitateend-to-end addressing of endpoints in messages. Web ServicesAddressing 1.0 - SOAP Binding (this document) defines the bindingof the abstract properties defined in Web Services Addressing 1.0 -Core to SOAP Messages.
The following example illustrates the use of these mechanisms ina SOAP 1.2 message being sent fromhttp://example.com/business/client1 tohttp://example.com/fabrikam/Purchasing:
Example1-1. Use of message addressing properties in a SOAP 1.2message.
(01) <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing">(02) <S:Header>(03) <wsa:MessageID>http://example.com/6B29FC40-CA47-1067-B31D-00DD010662DA</wsa:MessageID>(04) <wsa:ReplyTo>(05) <wsa:Address>http://example.com/business/client1</wsa:Address>(06) </wsa:ReplyTo>(07) <wsa:To>http://example.com/fabrikam/Purchasing</wsa:To>(08) <wsa:Action>http://example.com/fabrikam/SubmitPO</wsa:Action>(09) </S:Header>(10) <S:Body>(11) ...(12) </S:Body>(13) </S:Envelope>
Lines (02) to (09) represent the header of the SOAP messagewhere the mechanisms defined in the specification are used. Thebody is represented by lines (10) to (12).
Lines (03) to (08) contain the message addressing propertiesserialized as SOAP header blocks. Specifically, line (03) specifiesthe identifier for this message and lines (04) to (06) specify theendpoint to which replies to this message should be sent as anEndpoint Reference. Line (07) specifies the address URI of theultimate receiver of this message. Line (08) specifies an actionURI identifying expected semantics.
1.1 NotationalConventions
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALLNOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"in this document are to be interpreted as described in RFC 2119[IETF RFC 2119].
When describing abstract data models, this specification usesthe notational convention used by XML Infoset [XML Information Set]. Specifically,abstract property names always appear in square brackets (e.g.,[some property]).
When describing concrete XML schemas [XML Schema Structures, XML Schema Datatypes], this specificationuses the notational convention of WS-Security [WS-Security]. Specifically, each memberof an element's [children] or [attributes] property is describedusing an XPath-like notation (e.g.,/x:MyHeader/x:SomeProperty/@value1). The use of {any} indicates thepresence of an element wildcard (<xs:any/>). The use of@{any} indicates the presence of an attribute wildcard(<xs:anyAttribute/>).
1.2 Namespaces
This specification uses a number of namespace prefixesthroughout; they are listed in Table 1-1.Note that the choice of any namespace prefix is arbitrary and notsemantically significant (see [XMLNamespaces]).
Prefix | Namespace |
---|---|
S | http://www.w3.org/2003/05/soap-envelope |
S11 | http://schemas.xmlsoap.org/soap/envelope |
wsa | http://www.w3.org/2005/08/addressing |
wsaw | http://www.w3.org/2006/02/addressing/wsdl |
xs | http://www.w3.org/2001/XMLSchema |
WS-Addressing is defined in terms of the XML Information Set[XML Information Set].WS-Addressing is conformant to the SOAP 1.2 [SOAP 1.2 Messaging Framework] processingmodel and is also compatible with SOAP 1.1[SOAP 1.1] for backwards compatibility.WS-Addressing may be used with WSDL [WSDL2.0 Core Language] described services as described inWeb Services Addressing 1.0 - WSDL Binding[WS-Addressing WSDL Binding]. The examplesin this specification use an XML 1.0 [XML1.0] representation but this is not a requirement.
All information items defined by this specification areidentified by the XML namespace URI [XMLNamespaces] http://www.w3.org/2005/08/addressing.A normative XML Schema [XML SchemaStructures, XML SchemaDatatypes] document can be obtained by dereferencing theXML namespace URI.
2. SOAP 1.2 Addressing1.0 Feature
This section defines the SOAP 1.2 Addressing 1.0 Feature.
2.1 FeatureName
The SOAP 1.2 Addressing 1.0 Feature is named using the followingURI:
http://www.w3.org/2005/08/addressing/feature
2.2Description
The SOAP 1.2 Addressing 1.0 Feature provides a SOAP-specificexpression of the abstract message addressing properties defined byWeb Services Addressing 1.0 - Core[WS-Addressing Core].
This feature may be used with any SOAP MEP. A binding thatsupports this feature MUST provide a means to transmit theproperties listed below with a message and to reconstitute theirvalues on receipt of a message.
2.3Properties
The SOAP 1.2 Addressing 1.0 Feature defines the followingproperties:
- http://www.w3.org/2005/08/addressing/feature/Destination
Corresponds to the abstract [destination] property.
- http://www.w3.org/2005/08/addressing/feature/SourceEndpoint
Corresponds to the abstract [source endpoint] property.
- http://www.w3.org/2005/08/addressing/feature/ReplyEndpoint
Corresponds to the abstract [reply endpoint] property.
- http://www.w3.org/2005/08/addressing/feature/FaultEndpoint
Corresponds to the abstract [fault endpoint] property.
- http://www.w3.org/2005/08/addressing/feature/Action
Corresponds to the abstract [action] property.
- http://www.w3.org/2005/08/addressing/feature/MessageID
Corresponds to the abstract [message id] property.
- http://www.w3.org/2005/08/addressing/feature/Relationship
Corresponds to the abstract [relationship] property.
- http://www.w3.org/2005/08/addressing/feature/ReferenceParameters
Corresponds to the abstract [reference parameters] property.
2.4 Interactions with Other SOAPFeatures
If the http://www.w3.org/2003/05/soap/features/action/Actionproperty of the SOAP Action feature[SOAP 1.2 Adjuncts] has a value, then thevalue of the http://www.w3.org/2005/08/addressing/feature/Actionproperty of the SOAP 1.2 Addressing 1.0 feature MUST be identicalto it. Failure to have an identical value results in an InvalidAddressing Header fault (see 6.4.1Invalid Addressing Header).
3. SOAP 1.2 Addressing1.0 Module
The SOAP 1.2 Addressing 1.0 Module defines a set of SOAP headerblocks to support the SOAP 1.2 Addressing 1.0 Feature described in2. SOAP 1.2 Addressing 1.0Feature.
3.1 ModuleName
The SOAP 1.2 Addressing 1.0 Module is identified using thefollowing URI:
http://www.w3.org/2005/08/addressing/module
3.2Description
The SOAP 1.2 Addressing 1.0 Feature (see 2. SOAP 1.2 Addressing 1.0 Feature)defines a set of SOAP properties and their correspondence to theabstract message addressing properties defined by Web ServicesAddressing 1.0 - Core[WS-AddressingCore]. The SOAP 1.2 Addressing 1.0 Module defines SOAPheaders corresponding to the XML Infoset representation of theabstract message addressing properties defined in Web ServicesAddressing 1.0 - Core.
3.2.1 SendingMessages
When sending a message each property is represented using theappropriate element information item as a SOAP header block. Bydefault, the resulting header blocks are targeted at the ultimaterecipient in the SOAP message path (note that extensions toWS-Addressing could be written to specify different targetting).3.4 Binding Message AddressingProperties describes additional processing required whenbinding message addressing properties to SOAP header blocks.
3.2.2 ReceivingMessages
When receiving a message, the abstract properties are populatedfrom their corresponding element information items in the message.A message MUST NOT contain more than one wsa:To, wsa:ReplyTo,wsa:FaultTo, wsa:Action, or wsa:MessageID header targeted at arecipient; headers with an incorrect cardinality MUST NOT be usedto populate the corresponding abstract properties. A recipient MUSTgenerate a wsa:InvalidAddressingHeader (see 6.4.1 Invalid Addressing Header)fault if such a message is received.
Note:
The SOAP processing model dictates that message addressingproperties targeted at an intermediary do not normally get relayedas message addressing properties when the message is forwardedalong the message path. The specification for a SOAP header used asa reference parameter or use of the soap:relay attribute canoverride this default behavior.
3.3Additional Infoset Items
The SOAP 1.2 Addressing 1.0 Module defines the followingadditional XML Infoset items:
- /[referenceparameters]/@wsa:IsReferenceParameter
This REQUIRED attribute (of type xs:boolean) signifies whetherthe message addressing header is a reference parameter, see section3.4 Binding Message AddressingProperties for more details on its use.
3.4 Binding MessageAddressing Properties
When a message is to be addressed to an endpoint, the XMLInfoset representation of each message addressing property that hasbeen assigned a value is inserted into the message as a SOAP headerblock subject to the following additional constraints:
The value, if any, of the [reference parameters] property isadded to the SOAP message header: the element information item ofeach of the [reference parameters] (including all of its[children], [attributes] and [in-scope namespaces]) is added as aSOAP header block in the new message.
Note:
The insertion of SOAP headers into a message implies particularsemantics. Since the reference parameter mechanism does notrestrict the content of the generated headers, EPR suppliers shouldexercise appropriate caution to ensure their reference parametersdo not cause unintended or erroneous semantics in the resultantSOAP message. For example, using a reference parameter to send aWS-Security[WS-Security]header would be ill-advised (since other parts of the SOAPinfrastructure will often control this header, and there must be atmost one of them per message).
Each header block added as a result of the above rule isannotated with a wsa:IsReferenceParameter attribute (see 3.3 Additional Infoset Items) whosevalue is a valid xs:boolean representation of "true". Any existingwsa:IsReferenceParameter attribute on the header block isreplaced.
Note:
Integrity validation of [reference parameters] needs to takeinto account the addition of wsa:IsReferenceParameter attributesand the corresponding introduction of the WS-Addressing namespaceto the [in-scope namespaces]
The value of each message addressing property that is of typeIRI MUST be serialized as an absolute IRI in the corresponding SOAPheader block. No additional %-escaping is performed.
Each optional element or attribute that has a value equal to thedefined default value for that element or attribute MAY beomitted.
The following example shows how the SOAP 1.2 Addressing 1.0Module is used to construct a message addressed to theendpoint:
Example3-1. Example endpoint reference.
<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsaw="http://www.w3.org/2006/02/addressing/wsdl" xmlns:fabrikam="http://example.com/fabrikam" xmlns:wsdli="http://www.w3.org/2006/01/wsdl-instance" wsdli:wsdlLocation="http://example.com/fabrikam http://example.com/fabrikam/fabrikam.wsdl"> <wsa:Address>http://example.com/fabrikam/acct</wsa:Address> <wsa:Metadata> <wsaw:InterfaceName>fabrikam:Inventory</wsaw:InterfaceName> </wsa:Metadata> <wsa:ReferenceParameters> <fabrikam:CustomerKey>123456789</fabrikam:CustomerKey> <fabrikam:ShoppingCart>ABCDEFG</fabrikam:ShoppingCart> </wsa:ReferenceParameters></wsa:EndpointReference>
The address value is copied in the "To" header block and the"CustomerKey" and "ShoppingCart" elements are copied literally as aheader blocks in a SOAP message addressed to this endpoint. Theresulting SOAP message would look as follows:
Example3-2. Example endpoint reference mapped to SOAP messageheader blocks.
<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:fabrikam="http://example.com/fabrikam"> <S:Header> ... <wsa:To>http://example.com/fabrikam/acct</wsa:To> <wsa:Action>...</wsa:Action> <fabrikam:CustomerKey wsa:IsReferenceParameter='true'>123456789</fabrikam:CustomerKey> <fabrikam:ShoppingCart wsa:IsReferenceParameter='true'>ABCDEFG</fabrikam:ShoppingCart> ... </S:Header> <S:Body> ... </S:Body></S:Envelope>
3.5Relationship between SOAP Headers and transport-levelproperties
Some underlying protocols may support native properties similarto the Message Addressing Properties. For example, the reply-to:email header is similar to the [reply endpoint] Message AddressingProperty. Authors and implementors of bindings should not assumeany particular correspondence between native properties and MessageAddressing Properties. For example, if an email message representsonly one hop in a multi-hop path, then the reply-to: header islikely to differ from the [reply endpoint] address.
4. SOAP 1.1 Addressing 1.0Extension
The SOAP 1.1 Addressing 1.0 Extension defines a set of SOAPheader blocks to support the SOAP 1.2 Addressing 1.0 Featuredescribed in 2. SOAP 1.2 Addressing 1.0Feature. This SOAP 1.1 extension is provided for backwardscompatibility only.
4.1 ExtensionName
The SOAP 1.1 Addressing 1.0 Extension is identified using thefollowing URI:
http://www.w3.org/2005/08/addressing/module
4.2 Description
The SOAP 1.2 Addressing 1.0 Feature (see 2. SOAP 1.2 Addressing 1.0 Feature)defines a set of SOAP properties and their correspondence to theabstract message addressing properties defined by Web ServicesAddressing 1.0 - Core[WS-AddressingCore]. The SOAP 1.1 Addressing 1.0 Extension uses theXML Infoset representation of the abstract message addressingproperties defined in Web Services Addressing 1.0 - Core and bindseach element information item to a SOAP header block. The SOAP 1.1Addressing 1.0 Extension operates as described in 3. SOAP 1.2 Addressing 1.0 Module with thefollowing exceptions:
- SOAP Action
Use of the SOAPAction HTTP request header field is required whenusing the SOAP 1.1 HTTP binding. The field-value of the SOAPActionHTTP request header MUST either be the value of the [action]property enclosed in quotation marks, or the empty value "". Thelatter case supports the ability to obscure the [action] propertythrough SOAP-level security mechanisms, without requiring otherwiseunnecessary transport-level security. Any other value forSOAPAction results in an Invalid Message Addressing Property fault(see 6.4.1 Invalid AddressingHeader).
5. Addressesin SOAP
In the following text, the term 'response endpoint' refers tothe [reply endpoint] and [fault endpoint] message addressingproperties collectively.
5.1 Use of AnonymousAddress in SOAP Response Endpoints
A value of "http://www.w3.org/2005/08/addressing/anonymous" forthe [destination] property implies no additional semantics beyondthose resulting from the rules defined below and as described inWeb Services Addressing 1.0 - Core[WS-Addressing Core]. In particular, notethat Web Services Addressing 1.0 - Core[WS-Addressing Core], section 3.4 requiressuch a value in messages sent to a response endpoint whose[address] is "http://www.w3.org/2005/08/addressing/anonymous".
5.1.1 SOAP 1.1/HTTP
When "http://www.w3.org/2005/08/addressing/anonymous" isspecified for the response endpoint then there is no change to theSOAP 1.1/ HTTP binding.
5.1.2 SOAP 1.2
When "http://www.w3.org/2005/08/addressing/anonymous" isspecified for the response endpoint and the message is thehttp://www.w3.org/2003/05/soap/mep/InboundMessage property of aSOAP request-response MEP [SOAP 1.2Adjuncts], then any response MUST be thehttp://www.w3.org/2003/05/soap/mep/OutboundMessage property of thesame instance of the SOAP request-response MEP [SOAP 1.2 Adjuncts].
5.2 Use ofNon-Anonymous Addresses in SOAP Response Endpoints
5.2.1 SOAP 1.1/HTTP
When "http://www.w3.org/2005/08/addressing/anonymous" is notspecified for the response endpoint, then the message SHOULD bepart of a binding that supports not returning a SOAP envelope inthe HTTP response (e.g. see [SOAP 1.1Request Optional Response HTTP Binding]). Any responsemessage SHOULD be sent using a separate connection and using theaddress value specified by response endpoint. Note that otherspecifications MAY define special URIs that have other behaviors(similar to the anonymous URI).
5.2.2 SOAP 1.2
When "http://www.w3.org/2005/08/addressing/anonymous" is notspecified for the response endpoint, then any response SHOULD NOTbe the http://www.w3.org/2003/05/soap/mep/OutboundMessage propertyof the same instance of the SOAP request-response MEP[SOAP 1.2 Adjuncts]. Forinstance, a SOAP 1.2 HTTP binding that supports a one-way MEP couldput the reply message in a separate one-way MEP and a separate HTTPrequest. As in SOAP 1.1/HTTP, note that other specifications MAYdefine special URIs that have other behaviors (similar to theanonymous URI).
6. Faults
The faults defined in this section are generated if thecondition stated in the preamble in each subsection is met.
Endpoints compliant with this specification MUST include therequired message addressing properties serialized as SOAP headersin generated fault messages. Fault messages are correlated asreplies using the [relationship] property as defined in WebServices Addressing 1.0 - Core[WS-Addressing Core]. Note that omissionof the [message id] property in an input message may impact theability of a fault message receiver to correlate the fault messageto the message that caused the fault message to be generated.Omission of the [fault endpoint] or [reply endpoint] properties ininput messages may impact the delivery of a generated faultmessage
The [action] property below designates WS-Addressing faultmessages:
http://www.w3.org/2005/08/addressing/fault
This action SHOULD NOT be used as an action value in messagesother than those carrying WS-Addressing faults.
SOAP modules, extensions and applications SHOULD define custom[action] values for the faults they describe but MAY designate useof the following [action] value instead:
http://www.w3.org/2005/08/addressing/soap/fault
The above [action] value SHOULD be used for SOAP defined faultsincluding version mismatch, must understand, and data encodingunknown.
Each of the predefined faults listed below is defined byspecifying values for the following abstract properties:
[Code] The fault code, use of the specified fault code isREQUIRED.
[Subcode] The fault subcode, use of the specified fault subcodeis REQUIRED.
[Subsubcode] A more specific fault subcode that may be used tofurther qualify the value of the [Subcode] property, use of aspecified fault subcode is OPTIONAL.
[Reason] The English language reason element, use of thespecified fault code is RECOMMENDED but alternate text MAY beused.
[Details] The detail elements, use of the specified detailelements is REQUIRED. If absent, no detail elements are defined forthe fault.
6.1 SOAP 1.2 FaultBinding
The fault properties bind to a SOAP 1.2 fault as follows:
- [Code]
The value of the [Code] property is bound as the value of theSOAP faults S:Fault/S:Code/S:Value element information item.
- [Subcode]
The value of the [Subcode] property is bound as the value of theSOAP faults S:Fault/S:Code/S:Subcode/S:Value element informationitem.
- [Subsubcode]
The value of the [Subsubcode] property is bound as the value ofthe SOAP faults S:Fault/S:Code/S:Subcode/S:/Subcode/S:Value elementinformation item.
- [Reason]
The value of the [Reason] property is bound as the value of theSOAP faults S:Fault/S:Reason/S:Text element information item.
- [Details]
The value of the [Details] property is bound as child elementsof the SOAP faults S:Fault/S:Detail element information item.
Example6-1. Binding of fault properties to SOAP 1.2messages.
<S:Envelope> <S:Header> <wsa:Action>http://www.w3.org/2005/08/addressing/fault</wsa:Action> <!-- Headers elided for brevity. --> </S:Header> <S:Body> <S:Fault> <S:Code> <S:Value>[Code]</S:Value> <S:Subcode> <S:Value>[Subcode]</S:Value> <S:Subcode> <S:Value>[Subsubcode]</S:Value> </S:Subcode> </S:Subcode> </S:Code> <S:Reason> <S:Text xml:lang="en">[Reason]</S:Text> </S:Reason> <S:Detail> [Detail] </S:Detail> </S:Fault> </S:Body></S:Envelope>
6.2 SOAP 1.1 FaultBinding
The SOAP 1.1 fault is slightly less expressive than the SOAP 1.2fault and maps only [Subcode], [Reason] and [Detail]. These theproperties bind to a SOAP 1.1 fault as follows:
- [Subcode] or [Subsubcode]
The value of the [Subsubcode] or, if that is not specified, thevalue of the [Subcode] property is bound as the value of the SOAPfaults S11:Fault/faultcode element.
- [Reason]
The value of the [Reason] property is bound as the value of theSOAP faults S11:Fault/faultstring element.
- [Details]
The SOAP 1.1 fault detail is only for use with faults related tothe body of a message and is therefore not used for SOAP 1.1 faultsrelated to processing of addressing headers. Instead the value ofthe [Details] property is bound as the value of a newwsa:FaultDetail SOAP header block. The following describes thewsa:FaultDetail element:
- /wsa:FaultDetail
Zero or more of the elements defined in 6.3 Fault Detail Elements.
- /wsa:FaultDetail/@{any}
Optional extensibility attributes including SOAP role andmustUnderstand.
Example6-2. Binding of fault properties to SOAP 1.1messages.
<S11:Envelope> <S11:Header> <wsa:Action>http://www.w3.org/2005/08/addressing/fault</wsa:Action> <wsa:FaultDetail>[Details]</wsa:FaultDetail> <!-- Other headers elided for brevity. --> </S11:Header> <S11:Body> <S11:Fault> <faultcode>[Subcode] or [Subsubcode]</faultcode> <faultstring xml:lang="en">[Reason]</faultstring> </S11:Fault> </S11:Body></S11:Envelope>
6.3Fault Detail Elements
The following subsections define a set of elements used toconvey additional information in the faults described in 6.4 Predefined Faults.
6.3.1 Problem HeaderQName
The following describes the <wsa:ProblemHeaderQName>element:
- /wsa:ProblemHeaderQName
A QName representing the name of the root element of the problemheader block.
- /wsa:ProblemHeaderQName/@{any}
Optional extensibility attributes that do not affectprocessing.
6.3.2 Problem IRI
The following describes the <wsa:ProblemIRI> element:
- /wsa:ProblemIRI
The IRI that caused the problem.
- /wsa:ProblemIRI/@{any}
Optional extensibility attributes that do not affectprocessing.
6.3.3 ProblemAction
The following describes the <wsa:ProblemAction>element:
- /wsa:ProblemAction/wsa:Action
An optional element that provides the [action] that caused theproblem.
- /wsa:ProblemAction/wsa:SoapAction
An optional element that provides the SOAPAction IRI that causedthe problem.
- /wsa:ProblemAction/{any}
Optional extensibility elements that do not affectprocessing.
- /wsa:ProblemAction/@{any}
Optional extensibility attributes that do not affectprocessing.
6.3.4 Retry After
The following describes the <wsa:RetryAfter> element:
- /wsa:RetryAfter
This element (whose content is of type xs:unsignedLong) is asuggested minimum duration in milliseconds to wait beforeretransmitting the message. Omission of this element indicates thata retry is never likely to succeed.
- /wsa:RetryAfter/@{any}
Optional extensibility attributes that do not affectprocessing.
6.4 PredefinedFaults
6.4.1Invalid Addressing Header
A header representing a WS-Addressing 1.0 Message AddressingProperty is invalid and cannot be processed. The validity failurecan be either structural or semantic, e.g. a [destination] that isnot an IRI or a [relationship] to a [message id] that was neverissued.
[Code] a QName representing the value S:Sender
[Subcode] a QName representing the valuewsa:InvalidAddressingHeader
[Reason] the string: "A header representing a Message AddressingProperty is not valid and the message cannot be processed"
[Details] either a <wsa:ProblemHeader> element thatconveys a copy of the offending header or a<wsa:ProblemHeaderQName> element that conveys the QName ofthe root element of the offending header.
The invalid addressing header fault can be further narrowed inscope by use of the additional [Subsubcode]s specified in thefollowing subsections. Use of these [Subsubcode] values isOPTIONAL.
6.4.1.3wsa:InvalidCardinality
Specifies that there was a greater than expected number of thespecified header.
6.4.1.4wsa:MissingAddressInEPR
Specifies that the invalid header was expected to be an EPR butdid not contain an [address].
6.4.1.5wsa:DuplicateMessageID
Specifies that the invalid header conveyed a [message id] thatwas a duplicate of one already received.
6.4.1.6wsa:ActionMismatch
Specifies that the [action] and SOAPAction for the message didnot match, [Details] MAY contain a <wsa:ProblemAction>element in addition to the <wsa:ProblemHeader> element or<wsa:ProblemHeaderQName> element.
6.4.2Message Addressing Header Required
A required header representing a Message Addressing Property isabsent.
[Code] a QName representing the value S:Sender
[Subcode] a QName representing the valuewsa:MessageAddressingHeaderRequired
[Reason] the string: "A required header representing a MessageAddressing Property is not present"
[Details] a <wsa:ProblemHeaderQName> element that conveysthe QName of the message addressing header that was missing.
6.4.3Destination Unreachable
The endpoint identified by the value of [destination] propertycannot be reached.
[Code] a QName representing the value S:Sender
[Subcode] a QName representing the valuewsa:DestinationUnreachable
[Reason] the string: "No route can be determined to reach[destination]"
[Details] an optional <wsa:ProblemIRI> element thatconveys the [address] of the [destination].
Implementation of this fault is optional.
6.4.4 Action NotSupported
The [action] property in the message is not supported at thisendpoint.
[Code] a QName representing the value S:Sender
[Subcode] a QName representing the valuewsa:ActionNotSupported
[Reason] the string: "The [action] cannot be processed at thereceiver"
[Details] a <wsa:ProblemAction> element with a REQUIRED<wsa:Action> child element
Implementation of this fault is optional.
6.4.5Endpoint Unavailable
The endpoint is unable to process the message at this timeeither due to some transient issue or a permanent failure.
The endpoint may optionally include a RetryAfter parameter inthe detail. The source SHOULD NOT retransmit the message until thisduration has passed.
[Code] a QName representing the value S:Receiver
[Subcode] a QName representing the valuewsa:EndpointUnavailable
[Reason] the string "The endpoint is unable to process themessage at this time"
[Details] an optional <wsa:RetryAfter> element and anoptional <wsa:ProblemIRI> element that conveys the [address]of the [destination].
Implementation of this fault is optional.
7. Security Considerations
Note:
No assumptions are made herein of the application level securityrequirement, the organization of the application, implementation ofsenders or receivers, or of the ways that other protocols may makeuse of WS-Addressing, and what security mechanisms they may employ.A holistic approach to security which considers all components ofthe application, other protocols utilized, the way that theseprotocols compose with WS-Security, and the use of other methods oradditional techniques is highly recommended.
As discussed in Web Services Addressing 1.0 -Core[WS-Addressing Core],WS-Addressing supports capabilities that allow a message sender toinstruct a message receiver to send additional unsolicited messagesto other receivers of their choice and to control the contents ofthose messages to an extent using reference parameters. The SOAPbinding of WS-Addressing transforms EPR reference parameters intoSOAP headers and this allows a message sender to request a messagereceiver to send additional unsolicited SOAP messages to otherreceivers of their choice and to specify a set of SOAP headers thatmust be included in such messages.
SOAP headers are a powerful extension mechanism and thereforegreat care should be taken before honoring a [reply endpoint] or[fault endpoint] to avoid inadvertent participation in theactivities of malicious SOAP message senders.
WS-Addressing message addressing properties serialized as SOAPheaders (wsa:To, wsa:Action et al.) including those headers presentas a result of the [reference parameters] property should beintegrity protected as explained in Web Services Addressing 1.0 -Core[WS-AddressingCore].
Messages that use wsa:ReplyTo or wsa:FaultTo headers whose[address] is not the predefined anonymous URI should include claimsthat allow a receiver to confirm that the EPR was issued by aprinciple with authority to represent the [address] of the EPR.
When receiving a SOAP message, certain SOAP headers may haveresulted from the serialization of an EPR's [reference parameters]property. A SOAP message receiver should perform additionalsecurity and sanity checks to prevent unintended actions.
7.1 Establishing EPRTrust
There are many mechanisms that could be used to supply proofthat a message sender has authority to represent the [address] ofEPRs supplied within the message. Typically such mechanisms requirethe inclusion of a WS-Security[WS-Security] header that contains XMLdigital signatures binding the wsa:ReplyTo and wsa:FaultTo elementsto the SOAP message using a security token issued by an authoritytrusted by the receiver of the message for the domain of the[address] of the EPR. Possession of a security token issued by atrusted authority for the domain of the [address] of the EPRprovides a level of confidence that the message sender hasauthority to represent the [address].
For example, a message could include aWS-Security[WS-Security]header that contains XML digital signatures binding the wsa:ReplyToand wsa:FaultTo elements to the SOAP message using an X.509certificate for the domain addressed by the [address] of the EPR.If the certificate is issued by a certificate authority trusted bythe receiver of the message then the receiver can have some levelof confidence that the message sender has authority to representthe [address] of the EPR.
7.2 Additional SecurityConsiderations
The wsa:isReferenceParameter attribute is only meaningful onSOAP headers. Message processors should consider its appearanceelsewhere in a SOAP message as a possible attack.
Message processors should consider elements from the soap11,soap12 and wsa namespaces appearing as reference parameters in anEPR as a possible attack.
There are known XML ID and re-structuring attacks which shouldbe considered by message processors, see [WS-Security] - Security Considerations:Removal and modification of XML elements.
7.3 AdditionalConsiderations for SOAP Intermediaries
To avoid breaking signatures, intermediaries MUST NOT change theXML representation of WS-Addressing headers when relaying thoseheaders. Specifically, intermediaries MUST NOT remove XML contentthat explicitly indicates otherwise-implied content, andintermediaries MUST NOT insert XML content to make implied valuesexplicit. For instance, if a RelationshipType attribute is presentwith a value of "http://www.w3.org/2005/08/addressing/reply", anintermediary MUST NOT remove it; similarly, if there is noRelationshipType attribute, an intermediary MUST NOT add one.
8. Conformance
A SOAP 1.2 message conforms to the SOAP 1.2 Addressing 1.0Module when it contains headers from the wsa namespace, and followsall the constraints on message addressing properties defined by WebServices Addressing 1.0 - Core[WS-Addressing Core] and by the SOAP 1.2Addressing 1.0 Module.
A SOAP 1.1 message conforms to the SOAP 1.1 Addressing 1.0Extension when it contains headers from the wsa namespace, andfollows all the constraints on message addressing propertiesdefined by Web Services Addressing 1.0 - Core[WS-Addressing Core] and by the SOAP 1.1Addressing 1.0 Extension.
An endpoint which conforms to this specification understands andaccepts SOAP messages containing headers in the wsa namespacetargeted to it, generates reply or fault messages it may send inresponse according to the rules outlined in this specification andin Web Services Addressing 1.0 - Core[WS-Addressing Core].
Note:
Web Services Addressing 1.0 - WSDL Binding[WS-Addressing WSDL Binding] definesadditional conformance requirements for the description of anendpoint.
Note:
Endpoints MAY accept and respond to messages which contain noWSA headers.
If a receiver processes a message containing a wsa:Actionheader, this SOAP binding is engaged, and the rules of thisspecification are in force.
9. References
9.1 Normative References
- [IETF RFC2119]
- Key wordsfor use in RFCs to Indicate Requirement Levels, S.Bradner, Author. Internet Engineering Task Force, June 1999.Available at http://www.ietf.org/rfc/rfc2119.txt.
- [IETF RFC3987]
- Internationalized ResourceIdentifiers (IRIs) M. Duerst, and M. Suignard, Authors.Internet Engineering Task Force, January 2005. Available athttp://www.ietf.org/rfc/rfc3987.txt.
- [SOAP 1.1]
- Simple ObjectAccess Protocol (SOAP) 1.1, D. Box, et al, Editors.World Wide Web Consortium, 8 May 2000. Available athttp://www.w3.org/TR/2000/NOTE-SOAP-20000508/.
- [SOAP 1.2 Messaging Framework]
- SOAP Version1.2 Part 1: Messaging Framework, M. Gudgin, M. Hadley,N. Mendelsohn, J-J. Moreau, H. Frystyk Nielsen, Editors. World WideWeb Consortium, 24 June 2003. This version of the SOAP Version 1.2Part 1: Messaging Framework Recommendation ishttp://www.w3.org/TR/2003/REC-soap12-part1-20030624/. The latest version of SOAP Version1.2 Part 1: Messaging Framework is available athttp://www.w3.org/TR/soap12-part1/.
- [SOAP 1.2 Adjuncts]
- SOAP Version1.2 Part 2: Adjuncts, M. Gudgin, M. Hadley, N.Mendelsohn, J-J. Moreau, H. Frystyk Nielsen, Editors. World WideWeb Consortium, 24 June 2003. This version of the SOAP Version 1.2Part 2: Adjuncts Recommendation ishttp://www.w3.org/TR/2003/REC-soap12-part2-20030624/. The latest version of SOAP Version1.2 Part 2: Adjuncts is available athttp://www.w3.org/TR/soap12-part2/.
- [WS-Addressing Core]
- Web ServicesAddressing 1.0 - Core, M. Gudgin, M. Hadley, and T.Rogers, Editors. World Wide Web Consortium, 9 May 2006. Thisversion of the WS-Addressing Core Recommendation ishttp://www.w3.org/TR/2006/REC-ws-addr-core-20060509. The latest version of WS-AddressingCore is available at http://www.w3.org/TR/ws-addr-core.
- [XML 1.0]
- Extensible MarkupLanguage (XML) 1.0 (Third Edition), T. Bray, J. Paoli,C. M. Sperberg-McQueen, and E. Maler, Editors. World Wide WebConsortium, 4 February 2004. This version of the XML 1.0Recommendation is http://www.w3.org/TR/2004/REC-xml-20040204. Thelatest version of XML1.0 is available at http://www.w3.org/TR/REC-xml.
- [XMLNamespaces]
- Namespaces inXML, T. Bray, D. Hollander, and A. Layman, Editors.World Wide Web Consortium, 14 January 1999. This version of the XMLInformation Set Recommendation ishttp://www.w3.org/TR/1999/REC-xml-names-19990114. The latest version of Namespacesin XML is available at http://www.w3.org/TR/REC-xml-names.
- [XMLInformation Set]
- XMLInformation Set (Second Edition), J. Cowan and R. Tobin,Editors. World Wide Web Consortium, 4 February 2004. This versionof the XML Information Set Recommendation ishttp://www.w3.org/TR/2004/REC-xml-infoset-20040204. The latest version of XMLInformation Set is available athttp://www.w3.org/TR/xml-infoset.
- [XMLSchema Structures]
- XML SchemaPart 1: Structures Second Edition, H. Thompson, D.Beech, M. Maloney, and N. Mendelsohn, Editors. World Wide WebConsortium, 28 October 2004. This version of the XML Schema Part 1Recommendation ishttp://www.w3.org/TR/2004/REC-xmlschema-1-20041028. The latest version of XML SchemaPart 1 is available at http://www.w3.org/TR/xmlschema-1.
- [XMLSchema Datatypes]
- XML SchemaPart 2: Datatypes Second Edition, P. Byron and A.Malhotra, Editors. World Wide Web Consortium, 28 October 2004. Thisversion of the XML Schema Part 2 Recommendation ishttp://www.w3.org/TR/2004/REC-xmlschema-2-20041028. The latest version of XML SchemaPart 2 is available at http://www.w3.org/TR/xmlschema-2.
9.2 Other References
- [SOAP1.1 Request Optional Response HTTP Binding]
- SOAP1.1 Request Optional Response HTTP Binding, D. Orchard,Editor. World Wide Web Consortium, 21 March 2006. This version ofthe SOAP 1.1 Request Optional Response HTTP Binding specificationis http://www.w3.org/TR/2006/NOTE-soap11-ror-httpbinding-20060321/.The latestversion of SOAP 1.1 Request Optional Response HTTP Binding isavailable http://www.w3.org/TR/soap11-ror-httpbinding.
- [WS-Addressing WSDL Binding]
- Web ServicesAddressing 1.0 - WSDL Binding, M. Gudgin, M. Hadley, T.Rogers, Ü. Yalçinalp, Editors. World Wide Web Consortium, 16February 2006. This version of the WS-Addressing WSDL Bindingspecification ishttp://www.w3.org/TR/2006/WD-ws-addr-wsdl-20060216. The latest version of WS-AddressingWSDL Binding is available athttp://www.w3.org/TR/ws-addr-wsdl.
- [WSDL 2.0 CoreLanguage]
- Web ServicesDescription Language (WSDL) Version 2.0 Part 1: CoreLanguage, R. Chinnici, J. J. Moreau, A. Ryman, and S.Weerawarana, Editors. World Wide Web Consortium, 27 March 2006.This version of the WSDL 2.0 specification ishttp://www.w3.org/TR/2006/CR-wsdl20-20060327. The latest version of WSDL 2.0 isavailable at http://www.w3.org/TR/wsdl20.
- [WS-Security]
- Web Services Security: SOAP Message Security 1.0 (WS-Security2004), A. Nadalin, C. Kaler, P. Hallam-Baker, R.Monzillo, Editors. Organization for the Advancement of StructuredInformation Standards, March 2004.
A.Acknowledgements (Non-Normative)
This document is the work of the W3C Web Service AddressingWorking Group.
Members of the Working Group are (at the time of writing, and byalphabetical order): Abbie Barbir (Nortel Networks), AndreasBjärlestam (ERICSSON), Dave Chappell (Sonic Software), EranChinthaka (WSO2), Francisco Curbera (IBM Corporation), Glen Daniels(Sonic Software), Vikas Deolaliker (Sonoa Systems, Inc.), PaulDowney (BT), Jacques Durand (Fujitsu Limited), Robert Freund(Hitachi, Ltd.), Marc Goodner (Microsoft Corporation), Arun Gupta(Sun Microsystems, Inc.), Hugo Haas (W3C/ERCIM), Marc Hadley (SunMicrosystems, Inc.), David Hull (TIBCO Software, Inc.), Yin-LengHusband (HP), David Illsley (IBM Corporation), Anish Karmarkar(Oracle Corporation), Paul Knight (Nortel Networks), Philippe LeHégaret (W3C/MIT), Amelia Lewis (TIBCO Software, Inc.), Bozhong Lin(IONA Technologies, Inc.), Mark Little (JBoss Inc.), Jonathan Marsh(Microsoft Corporation), Jeff Mischkinsky (Oracle Corporation),Nilo Mitra (ERICSSON), Eisaku Nishiyama (Hitachi, Ltd.), Ales Novy(Systinet Inc.), David Orchard (BEA Systems, Inc.), Gilbert Pilz(BEA Systems, Inc.), Alain Regnier (Ricoh Company, Ltd.), TonyRogers (Computer Associates), Tom Rutt (Fujitsu Limited), DavanumSrinivas (WSO2), Jiri Tejkl (Systinet Inc.), Mike Vernal (MicrosoftCorporation), Steve Vinoski (IONA Technologies, Inc.), Katy Warr(IBM Corporation), Pete Wenzel (Sun Microsystems, Inc.), SteveWinkler (SAP AG), Ümit Yalçinalp (SAP AG), Prasad Yendluri(webMethods, Inc.).
Previous members of the Working Group were: Lisa Bahler (SAIC -Telcordia Technologies), Rebecca Bergersen (IONA Technologies,Inc.), Ugo Corda (Sun Microsystems, Inc.), Michael Eder (Nokia),Yaron Goland (BEA Systems, Inc.), Marc Goodner (SAP AG), MartinGudgin (Microsoft Corporation), Mark Nottingham (BEA Systems,Inc.), Mark Peel (Novell, Inc.), Harris Reynolds (webMethods,Inc.), Rich Salz (IBM Corporation), Davanum Srinivas (ComputerAssociates), Greg Truty (IBM Corporation).
The people who have contributed to discussionson public-ws-addressing@w3.org are also gratefullyacknowledged.