Basic Profile Version 2.0

Abstract

This document defines the WS-I Basic Profile 2.0, consisting of a set of non-proprietary Web services specifications, along with clarifications, refinements, interpretations and amplifications of those specifications which promote interoperability

Status of this Document

This document is a Working Group Draft; it has been accepted by the Working Group as reflecting the current state of discussions. It is a work in progress, and should not be considered authoritative or final; other documents may supersede this document.

Note: The working group believes that the technical work related to the prose aspects of the profile is complete (barring any feedback). However, the technical work on the in-lined test assertions is still very much a work in progress.

Notice

The material contained herein is not a license, either expressly or impliedly, to any intellectual property owned or controlled by any of the authors or developers of this material or WS-I. The material contained herein is provided on an "AS IS" basis and to the maximum extent permitted by applicable law, this material is provided AS IS AND WITH ALL FAULTS, and the authors and developers of this material and WS-I hereby disclaim all other warranties and conditions, either express, implied or statutory, including, but not limited to, any (if any) implied warranties, duties or conditions of merchantability, of fitness for a particular purpose, of accuracy or completeness of responses, of results, of workmanlike effort, of lack of viruses, and of lack of negligence. ALSO, THERE IS NO WARRANTY OR CONDITION OF TITLE, QUIET ENJOYMENT, QUIET POSSESSION, CORRESPONDENCE TO DESCRIPTION OR NON-INFRINGEMENT WITH REGARD TO THIS MATERIAL.

IN NO EVENT WILL ANY AUTHOR OR DEVELOPER OF THIS MATERIAL OR WS-I BE LIABLE TO ANY OTHER PARTY FOR THE COST OF PROCURING SUBSTITUTE GOODS OR SERVICES, LOST PROFITS, LOSS OF USE, LOSS OF DATA, OR ANY INCIDENTAL, CONSEQUENTIAL, DIRECT, INDIRECT, OR SPECIAL DAMAGES WHETHER UNDER CONTRACT, TORT, WARRANTY, OR OTHERWISE, ARISING IN ANY WAY OUT OF THIS OR ANY OTHER AGREEMENT RELATING TO THIS MATERIAL, WHETHER OR NOT SUCH PARTY HAD ADVANCE NOTICE OF THE POSSIBILITY OF SUCH DAMAGES.

Feedback

The Web Services-Interoperability Organization (WS-I) would like to receive input, suggestions and other feedback ("Feedback") on this work from a wide variety of industry participants to improve its quality over time.

By sending email, or otherwise communicating with WS-I, you (on behalf of yourself if you are an individual, and your company if you are providing Feedback on behalf of the company) will be deemed to have granted to WS-I, the members of WS-I, and other parties that have access to your Feedback, a non-exclusive, non-transferable, worldwide, perpetual, irrevocable, royalty-free license to use, disclose, copy, license, modify, sublicense or otherwise distribute and exploit in any manner whatsoever the Feedback you provide regarding the work. You acknowledge that you have no expectation of confidentiality with respect to any Feedback you provide. You represent and warrant that you have rights to provide this Feedback, and if you are providing Feedback on behalf of a company, you represent and warrant that you have the rights to provide Feedback on behalf of your company. You also acknowledge that WS-I is not required to review, discuss, use, consider or in any way incorporate your Feedback into future versions of its work. If WS-I does incorporate some or all of your Feedback in a future version of the work, it may, but is not obligated to include your name (or, if you are identified as acting on behalf of your company, the name of your company) on a list of contributors to the work. If the foregoing is not acceptable to you and any company on whose behalf you are acting, please do not provide any Feedback.

Feedback on this document should be directed to wsbasic_comment@ws-i.org.

Table of Contents

1. Introduction
1.1. Relationships to Other Profiles
1.2. Guiding Principles
1.3. Compatibility with Basic Profile 1.1 and 1.2
1.4. Notational Conventions
1.5. Profile Identification and Versioning
2. Profile Conformance
2.1. Conformance Requirements
2.2. Conformance Targets
2.3. Conformance Scope
2.4. Claiming Conformance
3. Messaging
3.1. Message Serialization
3.1.1. XML Envelope Serialization
3.1.2. Unicode BOMs
3.1.3. XML Declarations
3.1.4. Character Encodings
3.1.5. XOP Encoded Messages
3.2. SOAP Envelopes
3.2.1. SOAP Envelope Structure
3.2.2. SOAP Body Namespace Qualification
3.2.3. Disallowed Constructs
3.2.4. xsi:type Attributes
3.2.5. SOAP 1.2 attributes on SOAP 1.2 elements
3.3. SOAP Processing Model
3.3.1. SOAP Fault Processing
3.4. SOAP Faults
3.4.1. Identifying SOAP Faults
3.4.2. SOAP Defined Faults Action URI
3.4.3. SOAP MustUnderstand or VersionMismatch fault Transmission
3.5. Treatment of URIs in SOAP
3.5.1. Comparison of URI values of SOAP Information Items
3.6. Support for WS-Addressing
3.6.1. Requiring WS-Addressing SOAP headers
3.6.2. NotUnderstood block in MustUnderstand Fault on WS-Addressing SOAP headers
3.7. Use of WS-Addressing MAPs
3.7.1. Use of wsa:Action and WS-Addressing 1.0 - Metadata
3.7.2. Understanding WS-Addressing SOAP Header Blocks
3.7.3. Valid Values for action Parameter on the Content-Type MIME header When WS-Addressing is Used
3.8. Use of SOAP in HTTP
3.8.1. HTTP Protocol Binding
3.8.2. Parameters on the Content-Type MIME Header
3.8.3. HTTP Success Status Codes
3.8.4. HTTP Redirect Status Codes
3.8.5. HTTP Cookies
3.8.6. Use of Non-Anonymous Reponse EPR in a Request-Response Operation
3.9. Use of URIs in SOAP
3.9.1. Use of SOAP-defined URIs
4. Service Description
4.1. Required Description
4.2. Document Structure
4.2.1. WSDL Schema Definitions
4.2.2. WSDL and Schema Import
4.2.3. WSDL Import location Attribute Structure
4.2.4. WSDL Import location Attribute Semantics
4.2.5. Placement of WSDL import Elements
4.2.6. XML Version Requirements
4.2.7. XML Namespace Declarations
4.2.8. WSDL and the Unicode BOM
4.2.9. Acceptable WSDL Character Encodings
4.2.10. Namespace Coercion
4.2.11. WSDL documentation Element
4.2.12. WSDL Extensions
4.3. Types
4.3.1. QName References
4.3.2. Schema targetNamespace Structure
4.3.3. soapenc:Array
4.3.4. WSDL and Schema Definition Target Namespaces
4.3.5. Multiple GED Definitions with the same QName
4.3.6. Multiple Type Definitions with the same QName
4.4. Messages
4.4.1. Bindings and Parts
4.4.2. Bindings and Faults
4.4.3. Unbound portType Element Contents
4.4.4. Declaration of part Elements
4.5. Port Types
4.5.1. Ordering of part Elements
4.5.2. Allowed Operations
4.5.3. Distinctive Operations
4.5.4. parameterOrder Attribute Construction
4.5.5. Exclusivity of type and element Attributes
4.6. Bindings
4.6.1. Use of SOAP Binding
4.7. SOAP Binding
4.7.1. Specifying the transport Attribute
4.7.2. HTTP Transport
4.7.3. Consistency of style Attribute
4.7.4. Encodings and the use Attribute
4.7.5. Multiple Bindings for portType Elements
4.7.6. Operation Signatures
4.7.7. Multiple Ports on an Endpoint
4.7.8. Child Element for Document-Literal Bindings
4.7.9. One-Way Operations
4.7.10. Namespaces for wsoap12 Elements
4.7.11. Consistency of portType and binding Elements
4.7.12. Enumeration of Faults
4.7.13. Type and Name of SOAP Binding Elements
4.7.14. name Attribute on Faults
4.7.15. Omission of the use Attribute
4.7.16. Default for use Attribute
4.7.17. Consistency of Envelopes with Descriptions
4.7.18. Response Wrappers
4.7.19. Part Accessors
4.7.20. Namespaces for Children of Part Accessors
4.7.21. Required Headers
4.7.22. Allowing Undescribed Headers
4.7.23. Ordering Headers
4.7.24. Describing action Parameter on the Content-Type MIME Header
4.7.25. SOAPAction HTTP Header
4.7.26. SOAP Binding Extensions
4.8. Use of @soapActionRequired in WSDL 1.1 SOAP 1.2 Binding
4.9. Use of XML Schema
4.10. WS-Addresing 1.0 - Metadata
5. Service Publication and Discovery
5.1. bindingTemplates
5.2. tModels
6. Security
6.1. Use of HTTPS
Appendix A: Referenced Specifications
Appendix B: Extensibility Points
Appendix C: Normative References
Appendix D: Defined Terms
Appendix E: Acknowledgements

1. Introduction

This document defines the WS-I Basic Profile 2.0 (hereafter, "Profile"), consisting of a set of non-proprietary Web services specifications, along with clarifications, refinements, interpretations and amplifications of those specifications which promote interoperability.

Section 1 introduces the Profile, and explains its relationships to other profiles.

Section 2, "Profile Conformance," explains what it means to be conformant to the Profile.

Each subsequent section addresses a component of the Profile, and consists of two parts; an overview detailing the component specifications and their extensibility points, followed by subsections that address individual parts of the component specifications. Note that there is no relationship between the section numbers in this document and those in the referenced specifications.

1.1 Relationships to Other Profiles

This Profile is derived from the Basic Profile 1.1 by incorporating any errata to date and including those requirements related to the serialization of envelopes and their representation in messages from the Simple SOAP Binding Profile 1.0.

This Profile is NOT intended to be composed with the Simple SOAP Binding Profile 1.0. The Attachments Profile 1.0 adds support for SOAP with Attachments, and is intended to be used in combination with this Profile.

1.2 Guiding Principles

The Profile was developed according to a set of principles that, together, form the philosophy of the Profile, as it relates to bringing about interoperability. This section documents these guidelines.

No guarantee of interoperability

It is impossible to completely guarantee the interoperability of a particular service. However, the Profile does address the most common problems that implementation experience has revealed to date.

Application semantics

Although communication of application semantics can be facilitated by the technologies that comprise the Profile, assuring the common understanding of those semantics is not addressed by it.

Testability

When possible, the Profile makes statements that are testable. However, such testability is not required. Preferably, testing is achieved in a non-intrusive manner (e.g., examining artifacts "on the wire").

Strength of requirements

The Profile makes strong requirements (e.g., MUST, MUST NOT) wherever feasible; if there are legitimate cases where such a requirement cannot be met, conditional requirements (e.g., SHOULD, SHOULD NOT) are used. Optional and conditional requirements introduce ambiguity and mismatches between implementations.

Restriction vs. relaxation

When amplifying the requirements of referenced specifications, the Profile may restrict them, but does not relax them (e.g., change a MUST to a MAY).

Multiple mechanisms

If a referenced specification allows multiple mechanisms to be used interchangeably, the Profile selects those that are well-understood, widely implemented and useful. Extraneous or underspecified mechanisms and extensions introduce complexity and therefore reduce interoperability.

Future compatibility

When possible, the Profile aligns its requirements with in-progress revisions to the specifications it references. This aids implementers by enabling a graceful transition, and assures that WS-I does not 'fork' from these efforts. When the Profile cannot address an issue in a specification it references, this information is communicated to the appropriate body to assure its consideration.

Compatibility with deployed services

Backwards compatibility with deployed Web services is not a goal for the Profile, but due consideration is given to it; the Profile does not introduce a change to the requirements of a referenced specification unless doing so addresses specific interoperability issues.

Focus on interoperability

Although there are potentially a number of inconsistencies and design flaws in the referenced specifications, the Profile only addresses those that affect interoperability.

Conformance targets

Where possible, the Profile places requirements on artifacts (e.g., WSDL descriptions, SOAP messages) rather than the producing or consuming software's behaviors or roles. Artifacts are concrete, making them easier to verify and therefore making conformance easier to understand and less error-prone.

Lower-layer interoperability

The Profile speaks to interoperability at the application layer; it assumes that interoperability of lower-layer protocols (e.g., TCP, IP, Ethernet) is adequate and well-understood. Similarly, statements about application-layer substrate protocols (e.g., SSL/TLS, HTTP) are only made when there is an issue affecting Web services specifically; WS-I does not attempt to assure the interoperability of these protocols as a whole. This assures that WS-I's expertise in and focus on Web services standards is used effectively.

1.3 Compatibility with Basic Profile 1.1 and 1.2

The Basic Profile 2.0 is the first version of the WS-I Basic Profile that changes the version of SOAP in the profile scope from SOAP 1.1 to the W3C SOAP 1.2 Recommendation. As such, clients, servers and the artifacts that comprise a Basic Profile 1.0, 1.1 or 1.2 conformant application are inherently incompatible with an application that is conformant with the Basic Profile 2.0. However, in general, the Basic Profile WG members have tried to preserve in the Basic Profile 2.0 as much consistency with the guidance and constraints of the Basic Profile 1.0, 1.1 and 1.2 as possible. This has been in part facilitated by the fact that the WG tried to remain consistent in the guidance and constraints of the original Basic Profile with the decisions that were being made in the context of the W3C XML Protocols WG as they were concurrently working on the SOAP 1.2 specificatons. For the most part, issues that were resolved in the context of the development of the Basic Profile 1.0, 1.1 and 1.2 were not revisited.

1.4 Notational Conventions

The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC2119.

Normative statements of requirements in the Profile (i.e., those impacting conformance, as outlined in "Conformance Requirements") are presented in the following manner:

RnnnnStatement text here.

where "nnnn" is replaced by a number that is unique among the requirements in the Profile, thereby forming a unique requirement identifier.

Requirement identifiers can be considered to be namespace qualified, in such a way as to be compatible with QNames from Namespaces in XML. If there is no explicit namespace prefix on a requirement's identifier (e.g., "R9999" as opposed to "bp10:R9999"), it should be interpreted as being in the namespace identified by the conformance URI of the document section it occurs in. If it is qualified, the prefix should be interpreted according to the namespace mappings in effect, as documented below.

Some requirements clarify the referenced specification(s), but do not place additional constraints upon implementations. For convenience, clarifications are annotated in the following manner: C

Some requirements are derived from ongoing standardization work on the referenced specification(s). For convenience, such forward-derived statements are annotated in the following manner: xxxx, where "xxxx" is an identifier for the specification (e.g., "WSDL20" for WSDL Version 2.0). Note that because such work was not complete when this document was published, the specification that the requirement is derived from may change; this information is included only as a convenience to implementers.

As noted above, some requirements may present compatibility issues (whether forwards or backwards) with previously published versions of the profile. For convenience, such requirements are annotated in the following manner: Compat

Extensibility points in underlying specifications (see "Conformance Scope") are presented in a similar manner:

EnnnnExtensibility Point Name - Description

where "nnnn" is replaced by a number that is unique among the extensibility points in the Profile. As with requirement statements, extensibility statements can be considered namespace-qualified.

This specification uses a number of namespace prefixes throughout; their associated URIs are listed below. Note that the choice of any namespace prefix is arbitrary and not semantically significant.

• soap - " http://www.w3.org/2003/05/soap-envelope "
• xsi - " http://www.w3.org/2001/XMLSchema-instance "
• xsd - " http://www.w3.org/2001/XMLSchema "
• soapenc - " http://schemas.xmlsoap.org/soap/encoding/ "
• wsdl - " http://schemas.xmlsoap.org/wsdl/ "
• wsoap12 - " http://schemas.xmlsoap.org/wsdl/soap12/ "
• uddi - "urn:uddi-org:api_v2"
• wsa - " http://www.w3.org/2005/08/addressing "
• xop - " http://www.w3.org/2004/08/xop/include "

1.5 Profile Identification and Versioning

This document is identified by a name (in this case, Basic Profile) and a version number (here, 2.0). Together, they identify a particular profile instance.

Version numbers are composed of a major and minor portion, in the form "major.minor". They can be used to determine the precedence of a profile instance; a higher version number (considering both the major and minor components) indicates that an instance is more recent, and therefore supersedes earlier instances.

Instances of profiles with the same name (e.g., "Example Profile 1.1" and "Example Profile 5.0") address interoperability problems in the same general scope (although some developments may require the exact scope of a profile to change between instances).

One can also use this information to determine whether two instances of a profile are backwards-compatible; that is, whether one can assume that conformance to an earlier profile instance implies conformance to a later one. Profile instances with the same name and major version number (e.g., "Example Profile 1.0" and "Example Profile 1.1") MAY be considered compatible. Note that this does not imply anything about compatibility in the other direction; that is, one cannot assume that conformance with a later profile instance implies conformance to an earlier one.

2 Profile Conformance

Conformance to the Profile is defined by adherence to the set of requirements defined for a specific target, within the scope of the Profile. This section explains these terms and describes how conformance is defined and used.

2.1 Conformance Requirements

Requirements state the criteria for conformance to the Profile. They typically refer to an existing specification and embody refinements, amplifications, interpretations and clarifications to it in order to improve interoperability. All requirements in the Profile are considered normative, and those in the specifications it references that are in-scope (see "Conformance Scope") should likewise be considered normative. When requirements in the Profile and its referenced specifications contradict each other, the Profile's requirements take precedence for purposes of Profile conformance.

Requirement levels, using RFC2119 language (e.g., MUST, MAY, SHOULD) indicate the nature of the requirement and its impact on conformance. Each requirement is individually identified (e.g., R9999) for convenience.

For example;

R9999 Any WIDGET SHOULD be round in shape.

This requirement is identified by "R9999", applies to the target WIDGET (see below), and places a conditional requirement upon widgets; i.e., although this requirement must be met to maintain conformance in most cases, there are some situations where there may be valid reasons for it not being met (which are explained in the requirement itself, or in its accompanying text).

Each requirement statement contains exactly one requirement level keyword (e.g., "MUST") and one conformance target keyword (e.g., "MESSAGE"). The conformance target keyword appears in bold text (e.g. "MESSAGE"). Other conformance targets appearing in non-bold text are being used strictly for their definition and NOT as a conformance target. Additional text may be included to illuminate a requirement or group of requirements (e.g., rationale and examples); however, prose surrounding requirement statements must not be considered in determining conformance.

Definitions of terms in the Profile are considered authoritative for the purposes of determining conformance.

None of the requirements in the Profile, regardless of their conformance level, should be interpreted as limiting the ability of an otherwise conforming implementation to apply security countermeasures in response to a real or perceived threat (e.g., a denial of service attack).

2.2 Conformance Targets

Conformance targets identify what artifacts (e.g., SOAP message, WSDL description, UDDI registry data) or parties (e.g., SOAP processor, end user) requirements apply to.

This allows for the definition of conformance in different contexts, to assure unambiguous interpretation of the applicability of requirements, and to allow conformance testing of artifacts (e.g., SOAP messages and WSDL descriptions) and the behavior of various parties to a Web service (e.g., clients and service instances).

Requirements' conformance targets are physical artifacts wherever possible, to simplify testing and avoid ambiguity.

The following conformance targets are used in the Profile:

• MESSAGE - protocol elements that transport the ENVELOPE (e.g., SOAP/HTTP messages)
• ENVELOPE - the serialization of the soap:Envelope element and its content
• DESCRIPTION - descriptions of types, messages, interfaces and their concrete protocol and data format bindings, and the network access points associated with Web services (e.g., WSDL descriptions) (from Basic Profile 1.0)
• INSTANCE - software that implements a wsdl:port or a uddi:bindingTemplate (from Basic Profile 1.0)
• CONSUMER - software that invokes an INSTANCE (from Basic Profile 1.0)
• SENDER - software that generates a message according to the protocol(s) associated with it (from Basic Profile 1.0)
• RECEIVER - software that consumes a message according to the protocol(s) associated with it (e.g., SOAP processors) (from Basic Profile 1.0)
• REGDATA - registry elements that are involved in the registration and discovery of Web services (e.g. UDDI tModels) (from Basic Profile 1.0)
• SIMPLE_SOAP_MESSAGE - A MESSAGE that has as an entity-body that has a 'Content-Type' HTTP header field with a field-value of 'application/soap+xml'
• XOP_ENCODED_MESSAGE - A MESSAGE that has an entity-body that has a 'Content-Type' HTTP header field with a field-value of 'multipart/related' with a type parameter of 'application/xop+xml'

2.3 Conformance Scope

The scope of the Profile delineates the technologies that it addresses; in other words, the Profile only attempts to improve interoperability within its own scope. Generally, the Profile's scope is bounded by the specifications referenced by it.

The Profile's scope is further refined by extensibility points. Referenced specifications often provide extension mechanisms and unspecified or open-ended configuration parameters; when identified in the Profile as an extensibility point, such a mechanism or parameter is outside the scope of the Profile, and its use or non-use is not relevant to conformance.

Note that the Profile may still place requirements on the use of an extensibility point. Also, specific uses of extensibility points may be further restricted by other profiles, to improve interoperability when used in conjunction with the Profile.

Because the use of extensibility points may impair interoperability, their use should be negotiated or documented in some fashion by the parties to a Web service; for example, this could take the form of an out-of-band agreement.

The Profile's scope is defined by the referenced specifications in Appendix A, as refined by the extensibility points in Appendix B.

2.4 Claiming Conformance

Claims of conformance to the Profile can be made using the following mechanisms, as described in Conformance Claim Attachment Mechanisms, when the applicable Profile requirements associated with the listed targets have been met:

• WSDL 1.1 Claim Attachment Mechanism for Web Services Instances - MESSAGE DESCRIPTION INSTANCE RECEIVER
• WSDL 1.1 Claim Attachment Mechanism for Description Constructs - DESCRIPTION
• UDDI Claim Attachment Mechanism for Web Services Instances - MESSAGE DESCRIPTION INSTANCE RECEIVER
• UDDI Claim Attachment Mechanism for Web Services Registrations - REGDATA

The conformance claim URI for this Profile is " http://ws-i.org/profiles/basic/2.0 " .

3. Messaging

This section of the Profile incorporates the following specifications by reference, and defines extensibility points within them:

• SOAP Version 1.2 Part 1: Messaging Framework (Second Edition)
  Extensibility points:
  • E0001 - Header blocks - Header blocks are the fundamental extensibility mechanism in SOAP.
  • E0002 - Processing order - The order of processing of a SOAP envelope's components (e.g., headers) is unspecified, and therefore may need to be negotiated out-of-band.
  • E0003 - Use of intermediaries - SOAP Intermediaries is an underspecified mechanism in SOAP 1.2, and their use may require out-of-band negotiation. Their use may also necessitate careful consideration of where Profile conformance is measured.
  • E0004 - soap:actor values - Values of the soap:actor attribute, other than the special uri 'http://schemas.xmlsoap.org/soap/actor/next' , represent a private agreement between parties of the web service.
  • E0005 - Fault details - the contents of a Fault's detail element are not prescribed by SOAP 1.2.
  • E0006 - Envelope serialization - The Profile does not constrain some aspects of how the envelope is serialized into the message.
• SOAP Version 1.2 Part 2: Adjuncts (Second Edition)
  Extensibility points:
  • E0026 - SOAP envelope in HTTP response message to WSDL one-way operation - The SOAP 1.2 Request Response Binding specification does not specify the purpose or processing of such envelopes.
• RFC2616: Hypertext Transfer Protocol -- HTTP/1.1
  Extensibility points:
  • E0007 - HTTP Authentication - HTTP authentication allows for extension schemes, arbitrary digest hash algorithms and parameters.
  • E0008 - Unspecified Header Fields - HTTP allows arbitrary headers to occur in messages.
  • E0009 - Expect-extensions - The Expect/Continue mechanism in HTTP allows for expect-extensions.
  • E0010 - Content-Encoding - The set of content-codings allowed by HTTP is open-ended and any besides 'gzip', 'compress', or 'deflate' are an extensibility point.
  • E0011 - Transfer-Encoding - The set of transfer-encodings allowed by HTTP is open-ended.
  • E0012 - Upgrade - HTTP allows a connection to change to an arbitrary protocol using the Upgrade header.
  • E0024 - Namespace Attributes - Namespace attributes on soap:Envelope and soap:Header elements
  • E0025 - Attributes on soap:Body elements - Neither namespaced nor local attributes are constrained by SOAP 1.2.
  • E0029 - Use of messages other than SOAP 1.2 or XOP messages - Use of Messages other than a SIMPLE_SOAP_MESSAGE or a XOP_ENCODED_MESSAGE is an extensibility point
• RFC2965: HTTP State Management Mechanism
• WS-Addressing 1.0 - Core
• WS-Addressing 1.0 - SOAP Binding (except for sections 4, 5.1.1, 5.2.1 and 6.2)
  Extensibility points:
  • E0027 - Use of soap:actor and WS-Addressing - WS-Addressing allows multiple instances of headers such as wsa:To, wsa:ReplyTo, and wsa:FaultTo, so long as they are targeted to different SOAP roles.
  • E0028 - Endpoint references are extensible - When extension attributes or elements appear as part of an endpoint reference, the processing model for such extensions is defined by the specification for those extensions.
• WS-Addressing 1.0 - Metadata (except for sections 3.1.1, 3.2.1, 3.3, 4.1.1, 4.4.2, 4.4.3 and 5.2)
• SOAP Message Transmission Optimization Mechanism
• XML-Binary Optimized Packaging

3.1 Message Serialization

The profile is intended to compose with mechanisms currently under development to describe whether messages are encoded as SIMPLE_SOAP_MESSAGEs or XOP_ENCODED_MESSAGEs. As such it does not mandate that both of those encodings be supported for any given operation. Indeed, neither of these encodings need be supported if an alternate encoding such as that described in the Attachments Profile 1.0 is used.

SOAP 1.2 defines an XML structure for transmitting messages, the envelope. The Profile places the following constraints on the use and serialization of the soap:Envelope element and its content:

MIME-Version: 1.0
Content-Type: Multipart/Related;boundary=MIME_boundary;
  type="application/xop+xml";
  start="<mymessage.xml@example.org>";
  start-info="application/soap+xml"; action="ProcessData"

--MIME_boundary
Content-Type: application/xop+xml;
  charset=UTF-8;
  type="application/soap+xml; action=\"ProcessData\""
Content-Transfer-Encoding: 8bit
Content-ID: <mymessage.xml@example.org>

[...]   
                  

MIME-Version: 1.0
Content-Type: Multipart/Related;boundary=MIME_boundary;
  type="application/xop+xml";
  start="<mymessage.xml@example.org>";
  start-info="application/soap+xml; action=\"ProcessData\""
Content-Description: A SOAP message with my pic and sig in it

--MIME_boundary
Content-Type: application/xop+xml;
  charset=UTF-8;
  type="application/soap+xml; action=\"ProcessData\""
Content-Transfer-Encoding: 8bit
Content-ID: <mymessage.xml@example.org>

[...]  
                  

3.2 SOAP Envelopes

This section of the Profile incorporates the following specifications by reference:

• SOAP 1.2, Section 5

SOAP 1.2 defines a structure for composing messages, the envelope. The Profile mandates the use of that structure, and places the following constraints on its use:

3.3 SOAP Processing Model

This section of the Profile incorporates the following specifications by reference:

• SOAP Version 1.2 Part 1, Section 2

SOAP 1.2 defines a model for the processing of envelopes. In particular, it defines rules for the processing of header blocks and the envelope body. It also defines rules related to generation of faults. The Profile places the following constraints on the processing model:

3.4 SOAP Faults

3.5 Treatment of URIs in SOAP

3.6 Support for WS-Addressing

WS-Addressing is a part of core Web services infrastructure. To facilitate interoperability and to provide a common baseline, this profile requires compliant clients and services to provide support for WS-Addressing Core, WS-Addressing SOAP Binding and WS-Addressing Metadata.

Support for WS-Addressing by a specific "service" is optional. However, a service may require the use of WS-Addressing, in which case, for successful interaction with that service, a client will need to support it.

3.7 Use of WS-Addressing MAPs

This section of the Profile incorporates the following specifications by reference:

• WS-Addressing 1.0 - Core
• WS-Addressing 1.0 - SOAP Binding
• WS-Addressing 1.0 - Metadata, Section 5.1

When using WS-Addressing, the Profile requires conformance to WS-Addressing 1.0 - Core, WS-Addressing 1.0 - SOAP Binding and WS-Addressing 1.0 Metadata, Section 5.1 and places the following additional constraints.

3.8 Use of SOAP in HTTP

This section of the Profile incorporates the following specifications by reference:

• SOAP Version 1.2 Part 2, Section 7
• HTTP/1.1
• HTTP State Management Mechanism

SOAP 1.2 defines a single protocol binding, for HTTP. The Profile mandates the use of that binding, and places the following constraints on its use:

3.9 Use of URIs in SOAP

This section of the Profile incorporates the following specifications by reference:

• SOAP Version 1.2 Part 1, Section 6

SOAP 1.2 uses URIs as identifiers. For example, the role attribute value is a URI that identify the SOAP node to which a particular header block is targeted. The Profile places the following constraints on the use of such URI values:

4. Service Description

The Profile uses Web Services Description Language (WSDL) to enable the description of services as sets of endpoints operating on messages.

This section of the Profile incorporates the following specifications by reference, and defines extensibility points within them:

• Extensible Markup Language (XML) 1.0 (Fourth Edition)
• Namespaces in XML 1.0 (Second Edition)
• XML Schema Part 1: Structures
  Extensibility points:
  • E0017 - Schema annotations - XML Schema allows for annotations, which may be used to convey additional information about data structures.
• XML Schema Part 2: Datatypes
• Web Services Description Language (WSDL) 1.1
  Extensibility points:
  • E0013 - WSDL extensions - WSDL allows extension elements and attributes in certain places, including the use and specification of alternate protocol binding extensions; use of such extensions requires out-of-band negotiation.
  • E0014 - Validation mode - whether the parser used to read WSDL and XML Schema documents performs DTD validation or not.
  • E0015 - Fetching of external resources - whether the parser used to read WSDL and XML Schema documents fetches external entities and DTDs.
  • E0016 - Relative URIs - WSDL does not adequately specify the use of relative URIs for the following: wsoap12:body/@namespace, wsoap12:address/@location, wsdl:import/@location, xsd:schema/@targetNamespace and xsd:import/@schemaLocation. Their use may require further coordination; see XML Base for more information.

4.1 Required Description

4.2 Document Structure

This section of the Profile incorporates the following specifications by reference:

• WSDL 1.1, Section 2.1

WSDL 1.1 defines an XML-based structure for describing Web services. The Profile mandates the use of that structure, and places the following constraints on its use:

            <definitions name="StockQuote"
            targetNamespace="http://example.com/stockquote/definitions"
            xmlns:xsd1="http://example.com/stockquote/schemas" ...
            xmlns="http://schemas.xmlsoap.org/wsdl/"> <import
            namespace="http://example.com/stockquote/schemas"
            location="http://example.com/stockquote/stockquote.xsd"/>
            <message name="GetLastTradePriceInput"> <part
            name="body" element="xsd1:TradePriceRequest"/>
            </message> ... </definitions>
          

            <definitions name="StockQuote"
            targetNamespace="http://example.com/stockquote/definitions"
            ... xmlns="http://schemas.xmlsoap.org/wsdl/"> <import
            namespace="http://example.com/stockquote/definitions"
            location="http://example.com/stockquote/stockquote.wsdl"/>
            <message name="GetLastTradePriceInput"> <part
            name="body" element="..."/> </message> ...
            </definitions>
          

            <definitions name="StockQuote"
            targetNamespace="http://example.com/stockquote/"
            xmlns:xsd1="http://example.com/stockquote/schemas" ...
            xmlns="http://schemas.xmlsoap.org/wsdl/"> <import
            namespace="http://example.com/stockquote/definitions"
            location="http://example.com/stockquote/stockquote.wsdl"/>
            <message name="GetLastTradePriceInput"> <part
            name="body" element="xsd1:TradePriceRequest"/>
            </message> ... </definitions>
          

            <definitions name="StockQuote" ...
            xmlns="http://schemas.xmlsoap.org/wsdl/"> <import
            namespace="http://example.com/stockquote/definitions"
            location="http://example.com/stockquote/stockquote.wsdl"/>
            <message name="GetLastTradePriceInput"> <part
            name="body" type="tns:TradePriceRequest"/>
            </message> ... <service
            name="StockQuoteService"> <port name="StockQuotePort"
            binding="tns:StockQuoteSoap"> .... </port>
            </service> <types> <schema
            targetNamespace="http://example.com/stockquote/schemas"
            xmlns="http://www.w3.org/2001/XMLSchema"> .......
            </schema> </types> </definitions>
          

            <definitions name="StockQuote"
            targetNamespace="http://example.com/stockquote/definitions">
            <import namespace="http://example.com/stockquote/base"
            location="http://example.com/stockquote/stockquote.wsdl"/>
            <message name="GetLastTradePriceInput"> <part
            name="body" element="..."/> </message> ...
            </definitions>
          

            <definitions name="StockQuote" ...
            xmlns="http://schemas.xmlsoap.org/wsdl/"> <types>
            <schema
            targetNamespace="http://example.com/stockquote/schemas"
            xmlns="http://www.w3.org/2001/XMLSchema"> .......
            </schema> </types> <message
            name="GetLastTradePriceInput"> <part name="body"
            element="tns:TradePriceRequest"/> </message> ...
            <service name="StockQuoteService"> <port
            name="StockQuotePort" binding="tns:StockQuoteSoap"> ....
            </port> </service> </definitions>
          

4.3 Types

This section of the Profile incorporates the following specifications by reference:

• WSDL 1.1, Section 2.2

The wsdl:types element of WSDL 1.1 encloses data type definitions that are relevant to the Web service described. The Profile places the following constraints pertinent to those portions of the content of the wsdl:types element that are referred to by WSDL elements that make Profile conformance claims:

              <xsd:element name="MyArray2"
              type="tns:MyArray2Type"/> <xsd:complexType
              name="MyArray2Type"
              xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
              xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" >
              <xsd:complexContent> <xsd:restriction
              base="soapenc:Array"> <xsd:sequence>
              <xsd:element name="x" type="xsd:string" minOccurs="0"
              maxOccurs="unbounded"/> </xsd:sequence>
              <xsd:attribute ref="soapenc:arrayType"
              wsdl:arrayType="tns:MyArray2Type[]"/>
              </xsd:restriction> </xsd:complexContent>
              </xsd:complexType>
            

              <MyArray2 soapenc:arrayType="tns:MyArray2Type[]" >
              <x>abcd</x> <x>efgh</x>
              </MyArray2>
            

              <xsd:element name="MyArray1"
              type="tns:MyArray1Type"/> <xsd:complexType
              name="MyArray1Type"> <xsd:sequence>
              <xsd:element name="x" type="xsd:string" minOccurs="0"
              maxOccurs="unbounded"/> </xsd:sequence>
              </xsd:complexType>
            

              <MyArray1> <x>abcd</x>
              <x>efgh</x> </MyArray1>
            

4.4 Messages

This section of the Profile incorporates the following specifications by reference:

• WSDL 1.1, Section 2.3

In WSDL 1.1, wsdl:message elements are used to represent abstract definitions of the data being transmitted. It uses wsdl:binding elements to define how the abstract definitions are bound to a specific message serialization. The Profile places the following constraints on wsdl:message elements and on how conformant wsdl:binding elements may use wsdl:message element(s).

In this section the following definitions are used to make the requirements more compact and easier to understand.

Definition: rpc-literal binding

Definition: document-literal binding

            <message name="GetTradePriceInput"> <part
            name="tickerSymbol" element="xsd:string"/> <part
            name="time" element="xsd:timeInstant"/> </message>
          

            <message name="GetTradePriceInput"> <part
            name="tickerSymbol" element="xsd:string"/>
            </message>
          

            <message name="GetTradePriceInput"> <part
            name="body" element="tns:SubscribeToQuotes"/>
            </message>
          

4.5 Port Types

This section of the Profile incorporates the following specifications by reference:

• WSDL 1.1, Section 2.4

In WSDL 1.1, wsdl:portType elements are used to group a set of abstract operations. The Profile places the following constraints on conformant wsdl:portType element(s):

4.6 Bindings

This section of the Profile incorporates the following specifications by reference:

• WSDL 1.1 Binding Extension for SOAP 1.2

In WSDL 1.1, the wsdl:binding element supplies the concrete protocol and data format specifications for the operations and messages defined by a particular wsdl:portType . The Profile places the following constraints on conformant binding specifications:

4.7 SOAP Binding

This section of the Profile incorporates the following specifications by reference:

• WSDL 1.1 Binding Extension for SOAP 1.2

WSDL 1.1 Binding Extension for SOAP 1.2 defines a binding for SOAP 1.2 endpoints. The Profile mandates the use of the SOAP 1.2 binding as defined in WSDL 1.1 Binding Extension for SOAP 1.2, and places the following constraints on its use:

            <binding name="StockQuoteSoap"
            type="tns:StockQuotePortType"> <wsoap12:binding
            style="document"
            transport="http://schemas.xmlsoap.org/soap/http"/>
            <operation name="SubscribeToQuotes"> <input
            message="tns:SubscribeToQuotes"> <wsoap12:body
            parts="body" use="literal"/> <wsoap12:header
            message="tns:SubscribeToQuotes" part="subscribeheader"
            use="literal"/> </input> </operation>
            </binding>
          

              <definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
              xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
              xmlns:wsoap12="http://schemas.xmlsoap.org/wsdl/soap/"
              xmlns:http="http://schemas.xmlsoap.org/wsdl/http/"
              xmlns:xsd="http://www.w3.org/2001/XMLSchema"
              xmlns:bar="http://example.org/bar/"
              targetNamespace="http://example.org/bar/"
              xmlns:foo="http://example.org/foo/"> <types>
              <xsd:schema targetNamespace="http://example.org/foo/"
              xmlns:tns="http://example.org/foo/"
              xmlns:xsd="http://www.w3.org/2001/XMLSchema"
              elementFormDefault="qualified"
              attributeFormDefault="unqualified"> <xsd:complexType
              name="fooType"> <xsd:sequence> <xsd:element
              ref="tns:bar"/> <xsd:element ref="tns:baf"/>
              </xsd:sequence> </xsd:complexType>
              <xsd:element name="bar" type="xsd:string"/>
              <xsd:element name="baf" type="xsd:integer"/>
              </xsd:schema> </types> <message
              name="BarMsg"> <part name="BarAccessor"
              type="foo:fooType"/> </message> <portType
              name="BarPortType"> <operation
              name="BarOperation"> <input
              message="bar:BarMsg"/> </operation>
              </portType> <binding name="Barwsoap12ing"
              type="bar:BarPortType"> <wsoap12:binding
              transport="http://schemas.xmlsoap.org/soap/http"
              style="rpc"/> <operation name="BarOperation">
              <input> <wsoap12:body use="literal"
              namespace="http://example.org/bar/"/> </input>
              </operation> </binding> <service
              name="serviceName"> <port name="BarSOAPPort"
              binding="bar:Barwsoap12ing"> <wsoap12:address
              location="http://example.org/myBarSOAPPort"/>
              </port> </service> </definitions>
            

              <s:Envelope
              xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xmlns:xsd="http://www.w3.org/2001/XMLSchema"
              xmlns:foo="http://example.org/foo/"> <s:Header/>
              <s:Body> <m:BarOperation
              xmlns:m="http://example.org/bar/"> <BarAccessor>
              <foo:bar>String</foo:bar>
              <foo:baf>0</foo:baf> </BarAccessor>
              </m:BarOperation> </s:Body>
              </s:Envelope>
            

4.8 Use of @soapActionRequired in WSDL 1.1 SOAP 1.2 Binding

This section of the Profile incorporates the following specifications by reference:

• WSDL 1.1 Binding Extension for SOAP 1.2

The WSDL 1.1 Binding Extension for SOAP 1.2 incorporates an attribute called wsoap12:soapActionRequired that has a default value of 'true'. This has the effect that in order to have the action parameter omitted from the Content-Type HTTP header field, one would need to explicitly include the attribute in a description with a value of 'false'. The action parameter is defined by SOAP 1.2 to be OPTIONAL so as to enable use cases in which the sender of a SOAP message wishes to disallow casual inspection of the clear-text part of the message to infer its purpose or intent. Additionally, implementations are cautioned that they SHOULD NOT require the parameter's presence in a message in order to process the message.

The Profile WG believes that the wsoap12:soapActionRequired attribute runs counter to the SOAP 1.2 specification's intent. Therefore, the attribute has been profiled such that it MUST NOT be used, as it would tend to eliminate the very use cases that lead to the design of the SOAP 1.2 action parameter.

4.9 Use of XML Schema

This section of the Profile incorporates the following specifications by reference:

• XML Schema Part 1: Structures
• XML Schema Part 2: Datatypes

WSDL 1.1 uses XML Schema as one of its type systems. The Profile mandates the use of XML Schema as the type system for WSDL descriptions of Web Services.

4.10 WS-Addresing 1.0 - Metadata

This section of the Profile incorporates the following specifications by reference:

• WS-Addressing 1.0 - Metadata

WS-Addressing MAPs can be specified in a WSDL document. The Profile adds restrictions to such properties specified in WSDL.

5. Service Publication and Discovery

When publication or discovery of Web services is required, UDDI is the mechanism the Profile has adopted to describe Web service providers and the Web services they provide. Business, intended use, and Web service type descriptions are made in UDDI terms; detailed technical descriptions are made in WSDL terms. Where the two specifications define overlapping descriptive data and both forms of description are used, the Profile specifies that the descriptions must not conflict.

Registration of Web service instances in UDDI registries is optional. By no means do all usage scenarios require the kind of metadata and discovery UDDI provides, but where such capability is needed, UDDI is the sanctioned mechanism.

Note that the Web services that constitute UDDI V2 are not fully conformant with the Profile 1.0 because they do not accept messages whose envelopes are encoded in either UTF-8 and UTF-16 as required by the Profile. (They accept UTF-8 only.) That there should be such a discrepancy is hardly surprising given that UDDI V2 was designed and, in many cases, implemented before the Profile was developed. UDDI's designers are aware of UDDI V2's nonconformance and will take it into consideration in their future work.

This section of the Profile incorporates the following specifications by reference:

• UDDI Version 2.04 API Specification, Dated 19 July 2002
• UDDI Version 2.03 Data Structure Reference, Dated 19 July 2002
• UDDI Version 2 XML Schema

5.1 bindingTemplates

This section of the Profile incorporates the following specifications by reference:

• UDDI Version 2.03 Data Structure Reference, Section 7

UDDI represents Web service instances as uddi:bindingTemplate elements. The uddi:bindingTemplate plays a role that is the rough analog of the wsdl:port , but provides options that are not expressible in WSDL. To keep the WSDL description of an instance and its UDDI description consistent, the Profile places the following constraints on how uddi:bindingTemplate elements may be constructed.

            <bindingTemplate bindingKey="..."> <description
            xml:lang="EN">BarSOAPPort</description>
            <hostingRedirector bindingKey="..."/>
            <tModelInstanceDetails> ...
            </tModelInstanceDetails> </bindingTemplate>
          

            <bindingTemplate bindingKey="..."> <description
            xml:lang="EN">BarSOAPPort</description>
            <accessPoint>http://example.org/myBarSOAPPort</accessPoint>
            <tModelInstanceDetails> ...
            </tModelInstanceDetails> </bindingTemplate>
          

5.2 tModels

This section of the Profile incorporates the following specifications by reference:

• UDDI Version 2.03 Data Structure Reference, Section 8

UDDI represents Web service types as uddi:tModel elements. (See UDDI Data Structures section 8.1.1 .) These may, but need not, point (using a URI) to the document that contains the actual description. Further, UDDI is agnostic with respect to the mechanisms used to describe Web service types. The Profile cannot be agnostic about this because interoperation is very much complicated if Web service types do not have descriptions or if the descriptions can take arbitrary forms.

The UDDI API Specification, appendix I.1.2.1.1 allows but does not require uddi:tModel elements that use WSDL to describe the Web service type they represent to state that they use WSDL as the description language. Not doing so leads to interoperability problems because it is then ambiguous what description language is being used.

Therefore the Profile places the following constraints on how uddi:tModel elements that describe Web service types may be constructed:

6. Security

As is true of all network-oriented information technologies, the subject of security is a crucial one for Web services. For Web services, as for other information technologies, security consists of understanding the potential threats an attacker may mount and applying operational, physical, and technological countermeasures to reduce the risk of a successful attack to an acceptable level. Because an "acceptable level of risk" varies hugely depending on the application, and because costs of implementing countermeasures is also highly variable, there can be no universal "right answer" for securing Web services. Choosing the absolutely correct balance of countermeasures and acceptable risk can only be done on a case by case basis.

That said, there are common patterns of countermeasures that experience shows reduce the risks to acceptable levels for many Web services. The Profile adopts, but does not mandate use of, the most widely used of these: HTTP secured with either TLS 1.0 or SSL 3.0 (HTTPS). That is, conformant Web services may use HTTPS; they may also use other countermeasure technologies or none at all.

HTTPS is widely regarded as a mature standard for encrypted transport connections to provide a basic level of confidentiality. HTTPS thus forms the first and simplest means of achieving some basic security features that are required by many real-world Web service applications. HTTPS may also be used to provide client authentication through the use of client-side certificates.

This section of the Profile incorporates the following specifications by reference, and defines extensibility points within them:

• RFC2818: HTTP Over TLS
• RFC2246: The TLS Protocol Version 1.0
  Extensibility points:
  • E0019 - TLS Cyphersuite - TLS allows for the use of arbitrary encryption algorithms.
  • E0020 - TLS Extensions - TLS allows for extensions during the handshake phase.
• The SSL Protocol Version 3.0
  Extensibility points:
  • E0021 - SSL Cyphersuite - SSL allows for the use of arbitrary encryption algorithms.
• RFC2459: Internet X.509 Public Key Infrastructure Certificate and CRL Profile
  Extensibility points:
  • E0022 - Certificate Authority - The choice of the Certificate Authority is a private agreement between parties.
  • E0023 - Certificate Extensions - X509 allows for arbitrary certificate extensions.

6.1 Use of HTTPS

Appendix A: Referenced Specifications

The following specifications' requirements are incorporated into the Profile by reference, except where superseded by the Profile:

• SOAP Version 1.2 Part 1: Messaging Framework (Second Edition)
• SOAP Version 1.2 Part 2: Adjuncts (Second Edition)
• RFC2616: Hypertext Transfer Protocol -- HTTP/1.1
• RFC2965: HTTP State Management Mechanism
• WS-Addressing 1.0 - Core
• WS-Addressing 1.0 - SOAP Binding (except for sections 4, 5.1.1, 5.2.1 and 6.2)
• WS-Addressing 1.0 - Metadata (except for sections 3.1.1, 3.2.1, 3.3, 4.1.1, 4.4.2, 4.4.3 and 5.2)
• SOAP Message Transmission Optimization Mechanism
• XML-Binary Optimized Packaging
• SOAP 1.2, Section 5
• SOAP Version 1.2 Part 1, Section 2
• WS-Addressing 1.0 - Core
• WS-Addressing 1.0 - SOAP Binding
• WS-Addressing 1.0 - Metadata, Section 5.1
• SOAP Version 1.2 Part 2, Section 7
• HTTP/1.1
• HTTP State Management Mechanism
• SOAP Version 1.2 Part 1, Section 6
• Extensible Markup Language (XML) 1.0 (Fourth Edition)
• Namespaces in XML 1.0 (Second Edition)
• XML Schema Part 1: Structures
• XML Schema Part 2: Datatypes
• Web Services Description Language (WSDL) 1.1
• WSDL 1.1, Section 2.1
• WSDL 1.1, Section 2.2
• WSDL 1.1, Section 2.3
• WSDL 1.1, Section 2.4
• WSDL 1.1 Binding Extension for SOAP 1.2
• WSDL 1.1 Binding Extension for SOAP 1.2
• WSDL 1.1 Binding Extension for SOAP 1.2
• XML Schema Part 1: Structures
• XML Schema Part 2: Datatypes
• WS-Addressing 1.0 - Metadata
• UDDI Version 2.04 API Specification, Dated 19 July 2002
• UDDI Version 2.03 Data Structure Reference, Dated 19 July 2002
• UDDI Version 2 XML Schema
• UDDI Version 2.03 Data Structure Reference, Section 7
• UDDI Version 2.03 Data Structure Reference, Section 8
• RFC2818: HTTP Over TLS
• RFC2246: The TLS Protocol Version 1.0
• The SSL Protocol Version 3.0
• RFC2459: Internet X.509 Public Key Infrastructure Certificate and CRL Profile

Appendix B: Extensibility Points

This section identifies extensibility points, as defined in "Scope of the Profile," for the Profile's component specifications.

These mechanisms are out of the scope of the Profile; their use may affect interoperability, and may require private agreement between the parties to a Web service.

In SOAP Version 1.2 Part 1: Messaging Framework (Second Edition):

• E0001 - Header blocks - Header blocks are the fundamental extensibility mechanism in SOAP.
• E0002 - Processing order - The order of processing of a SOAP envelope's components (e.g., headers) is unspecified, and therefore may need to be negotiated out-of-band.
• E0003 - Use of intermediaries - SOAP Intermediaries is an underspecified mechanism in SOAP 1.2, and their use may require out-of-band negotiation. Their use may also necessitate careful consideration of where Profile conformance is measured.
• E0004 - soap:actor values - Values of the soap:actor attribute, other than the special uri 'http://schemas.xmlsoap.org/soap/actor/next' , represent a private agreement between parties of the web service.
• E0005 - Fault details - the contents of a Fault's detail element are not prescribed by SOAP 1.2.
• E0006 - Envelope serialization - The Profile does not constrain some aspects of how the envelope is serialized into the message.

In SOAP Version 1.2 Part 2: Adjuncts (Second Edition):

• E0026 - SOAP envelope in HTTP response message to WSDL one-way operation - The SOAP 1.2 Request Response Binding specification does not specify the purpose or processing of such envelopes.

In RFC2616: Hypertext Transfer Protocol -- HTTP/1.1:

• E0007 - HTTP Authentication - HTTP authentication allows for extension schemes, arbitrary digest hash algorithms and parameters.
• E0008 - Unspecified Header Fields - HTTP allows arbitrary headers to occur in messages.
• E0009 - Expect-extensions - The Expect/Continue mechanism in HTTP allows for expect-extensions.
• E0010 - Content-Encoding - The set of content-codings allowed by HTTP is open-ended and any besides 'gzip', 'compress', or 'deflate' are an extensibility point.
• E0011 - Transfer-Encoding - The set of transfer-encodings allowed by HTTP is open-ended.
• E0012 - Upgrade - HTTP allows a connection to change to an arbitrary protocol using the Upgrade header.
• E0024 - Namespace Attributes - Namespace attributes on soap:Envelope and soap:Header elements
• E0025 - Attributes on soap:Body elements - Neither namespaced nor local attributes are constrained by SOAP 1.2.
• E0029 - Use of messages other than SOAP 1.2 or XOP messages - Use of Messages other than a SIMPLE_SOAP_MESSAGE or a XOP_ENCODED_MESSAGE is an extensibility point

In WS-Addressing 1.0 - SOAP Binding (except for sections 4, 5.1.1, 5.2.1 and 6.2):

• E0027 - Use of soap:actor and WS-Addressing - WS-Addressing allows multiple instances of headers such as wsa:To, wsa:ReplyTo, and wsa:FaultTo, so long as they are targeted to different SOAP roles.
• E0028 - Endpoint references are extensible - When extension attributes or elements appear as part of an endpoint reference, the processing model for such extensions is defined by the specification for those extensions.

In XML Schema Part 1: Structures:

• E0017 - Schema annotations - XML Schema allows for annotations, which may be used to convey additional information about data structures.

In Web Services Description Language (WSDL) 1.1:

• E0013 - WSDL extensions - WSDL allows extension elements and attributes in certain places, including the use and specification of alternate protocol binding extensions; use of such extensions requires out-of-band negotiation.
• E0014 - Validation mode - whether the parser used to read WSDL and XML Schema documents performs DTD validation or not.
• E0015 - Fetching of external resources - whether the parser used to read WSDL and XML Schema documents fetches external entities and DTDs.
• E0016 - Relative URIs - WSDL does not adequately specify the use of relative URIs for the following: wsoap12:body/@namespace, wsoap12:address/@location, wsdl:import/@location, xsd:schema/@targetNamespace and xsd:import/@schemaLocation. Their use may require further coordination; see XML Base for more information.

In RFC2246: The TLS Protocol Version 1.0:

• E0019 - TLS Cyphersuite - TLS allows for the use of arbitrary encryption algorithms.
• E0020 - TLS Extensions - TLS allows for extensions during the handshake phase.

In The SSL Protocol Version 3.0:

• E0021 - SSL Cyphersuite - SSL allows for the use of arbitrary encryption algorithms.

In RFC2459: Internet X.509 Public Key Infrastructure Certificate and CRL Profile:

• E0022 - Certificate Authority - The choice of the Certificate Authority is a private agreement between parties.
• E0023 - Certificate Extensions - X509 allows for arbitrary certificate extensions.

Appendix C: Normative References

In addition to all of the profiled specifications listed in Appendix A, the following specifications are normatively referenced:

RFC2119 http://ietf.org/rfc/rfc2119 Key words for use in RFCs to Indicate Requirement Levels, S. Bradner March 1997

WS-I Basic Profile 1.0 http://www.ws-i.org/Profiles/BasicProfile-1.0-2004-04-16.html, K. Ballinger et al April 2004

Namespaces in XML 1.0 (Second Edition) http://www.w3.org/TR/REC-xml-names/ T. Bray et al August 2006

WS-I Conformance Claim Attachment Mechanisms Version 1.0 http://www.ws-i.org/Profiles/ConformanceClaims-1.0-2004-11-15.html, M. Nottingham et al November 2004

Appendix D: Defined Terms

The following list of terms have specific definitions that are authoritative for this profile:

rpc-literal binding

An "rpc-literal binding" is a wsdl:binding element whose child wsdl:operation elements are all rpc-literal operations.

An "rpc-literal operation" is a wsdl:operation child element of wsdl:binding whose wsoap12:body descendant elements specify the use attribute with the value "literal", and either:

1. The style attribute with the value "rpc" is specified on the child wsoap12:operation element; or
2. The style attribute is not present on the child wsoap12:operation element, and the wsoap12:binding element in the enclosing wsdl:binding specifies the style attribute with the value "rpc".

document-literal binding

A "document-literal binding" is a wsdl:binding element whose child wsdl:operation elements are all document-literal operations.

A "document-literal operation" is a wsdl:operation child element of wsdl:binding whose wsoap12:body descendent elements specifies the use attribute with the value "literal" and, either:

1. The style attribute with the value "document" is specified on the child wsoap12:operation element; or
2. The style attribute is not present on the child wsoap12:operation element, and the wsoap12:binding element in the enclosing wsdl:binding specifies the style attribute with the value "document"; or
3. The style attribute is not present on both the child wsoap12:operation element and the wsoap12:binding element in the enclosing wsdl:binding .

operation signature

The Profile defines the "operation signature" to be the fully qualified name of the child element of SOAP body of the SOAP input message described by an operation in a WSDL binding and the URI value of the wsa:Action SOAP header block, if present. Compat

In the case of rpc-literal binding, the operation name is used as a wrapper for the part accessors. In the document-literal case, since a wrapper with the operation name is not present, the message signatures must be correctly designed so that they meet this requirement.

Appendix E: Acknowledgements

This document is the work of the WS-I Basic Profile Working Group, whose members have included:

Mark Allerton (Crystal Decisions Corp), Steve Anderson (OpenNetwork), George Arriola (Talking Blocks, Inc.), Siddharth Bajaj (Verisign), Keith Ballinger (Microsoft Corp.), David Baum (Kantega AS), Ilya Beyer (KANA), Rich Bonneau (IONA Technologies), Don Box (Microsoft Corp.), Andrew Brown (Verisign), Heidi Buelow (Quovadx), David Burdett (Commerce One, Inc.), Luis Felipe Cabrera (Microsoft Corp.), Maud Cahuzac (France Telecom), Mike Chadwick (Kaiser Permanente), Martin Chapman (Oracle Corporation), Richard Chennault (Kaiser Permanente), Roberto Chinnici (Sun Microsystems), Dipak Chopra (SAP AG), Jamie Clark (OASIS), David Cohen (Merrill Lynch), Ugo Corda (SeeBeyond Tech), Paul Cotton (Microsoft Corp.), Joseph Curran (Accenture), Alex Deacon (Verisign), Mike DeNicola (Fujitsu Limited), Rohit Dewan (Westbridge Technology), Paul Downey (BT Group), Jacques Durand (Fujitsu Limited), Aladin Eajani (Hummingbird, Ltd.), Michael Eder (Nokia), Dave Ehnebuske (IBM), Mark Ericson (Mindreef Inc), Colleen Evans (Microsoft Corp.), Tim Ewald (Microsoft Corp.), Chuck Fay (FileNET Corp.), Leonid Felikson (Freddie Mac), Chris Ferris (IBM), Daniel Foody (Actional Corporation), Satoru Fujita (NEC Corporation), Shishir Garg (France Telecom), Yaron Goland (BEA Systems Inc), Marc Goodner (Microsoft Corp.), Pierre Goyette (Hummingbird, Ltd.), Hans Granqvist (Verisign), Marc Graveline (Cognos), Martin Gudgin (Microsoft Corp.), Arun Gupta (Sun Microsystems), Marc Hadley (Sun Microsystems), Norma Hale (Webify Solutions Inc), Bob Hall (Unisys Corporation), Scott Hanselman (Corillian), Muir Harding (Autodesk Inc.), Loren Hart (Verisign), Andrew Hately (IBM), Harry Holstrom (Accenture), Lawrence Hsiung (Quovadx), Hemant Jain (Tata Consultancy), Steve Jenisch (SAS Institute), Ram Jeyaraman (Microsoft Corp.), Lei Jin (BEA Systems Inc), Erik Johnson (Epicor Software), Bill Jones (Oracle Corporation), Anish Karmarkar (Oracle Corporation), Dana Kaufman (Forum Systems), Takahiro Kawamura (Toshiba), Oldre Kepka (Systinet), Bhushan Khanal (WRQ Inc.), Sandy Khaund (Microsoft Corp.), Doug Kohlert (Sun Microsystems), Jacek Kopecky (Systinet), Jitendra Kotamraju (Sun Microsystems), Vince Kowalski (BMC Software, Inc.), Sanjay Krishnamurthi (Informatica), Sundar Krishnamurthy (Verisign), Eva Kuiper (Hewlett-Packard), Sunil Kunisetty (Oracle Corporation), Christopher Kurt (Microsoft Corp.), Si La (DISA), Lars Laakes (Microsoft Corp.), Charles Lavey (IBM), Canyang Kevin Liu (SAP AG), Ted Liu (webMethods Inc.), Donna Locke (Oracle Corporation), Brad Lund (Intel), Eduardo MacIver (CGI Group), Michael Mahan (Nokia), Ron Marchi (EDS), Jonathan Marsh (Microsoft Corp.), Eric Matland (Hummingbird, Ltd.), Barbara McKee (IBM), Derek Medland (Hummingbird, Ltd.), David Meyer (Plumtree Software Inc.), Jeff Mischkinsky (Oracle Corporation), Ray Modeen (MITRE Corp.), Tom Moog (Sarvega Inc.), Gilles Mousseau (Hummingbird, Ltd.), Greg Mumford (MCI), Jim Murphy (Mindreef Inc), Pat Murphy (Motorcycle Industry Council), Bryan Murray (Hewlett-Packard), Richard Nikula (BMC Software, Inc.), Eisaku Nishiyama (Hitachi, Ltd.), Mark Nottingham (BEA Systems Inc), David Orchard (BEA Systems Inc), Vivek Pandey (Sun Microsystems), Jesse Pangburn (Quovadx), Mike Parsons (Epicor Software), Eduardo Pelegri-Llopart (Sun Microsystems), Mike Perham (Webify Solutions Inc), Saju Puthankalam (webMethods Inc.), Martin Raepple (SAP AG), Eric Rajkovic (Oracle Corporation), Shaan Razvi (MITRE Corp.), Rimas Rekasius (IBM), Mark Richards (Fidelity), Graeme Riddell (Bowstreet), Ian Robinson (IBM), Sam Ruby (IBM), Tom Rutt (Fujitsu Limited), Saikat Saha (Commerce One, Inc.), Roger Sanborn (Crystal Decisions Corp), Matt Sanchez (Webify Solutions Inc), Krishna Sankar (Cisco Systems Inc.), Jeffrey Schlimmer (Microsoft Corp.), Don Schricker (Micro Focus), Dave Seidel (Mindreef Inc), Darren Self (Micro Focus), AKIRA SHIMAYA (NTT), David Shoaf (Hewlett-Packard), Yasser Shohoud (Microsoft Corp.), David Smiley (Ascential Software), Skip Snow (Citigroup), Seumas Soltysik (IONA Technologies), Joseph Stanko (Plumtree Software Inc.), Andrew Stone (Accenture), Shankaran Subramanian (Citigroup), Julie Surer (MITRE Corp.), YASUO TAKEMOTO (NTT), Nobuyoshi Tanaka (NEC Corporation), Jorgen Thelin (Microsoft Corp.), Sameer Vaidya (Talking Blocks, Inc.), William Vambenepe (Hewlett-Packard), Claus von Riegen (SAP AG), Shrikant Wagh (Hewlett-Packard), Shrikant Wagh (Optimyz), Faisal Waris (Ford Motor Systems), Rick Weil (Eastman Kodak Company), Scott Werden (WRQ Inc.), Ajamu Wesley (IBM), Ian White (Micro Focus), Dave Wilkinson (Vignette), Mark Wood (Eastman Kodak Company), Prasad Yendluri (Software AG), and Brandon Zhu (NetManage Inc).