provision message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: WS-CAF and the "Session Context Token"
- From: prateek mishra <pmishra@principalidentity.com>
- To: provision@lists.oasis-open.org
- Date: Mon, 11 Jul 2005 14:23:20 -0700 (PDT)
As part of a discussion that began with message:
I had taken an action to investigate the proposed work in the WS-CAF TC to see this effort would meet these requirements.
The WS-CAF involves the development of a family of specifications that " define a generic and open framework for applications that contain multiple services used in combination (composite applications)." Three specifications are planned: WS-Context, WS-Coordination and a third to be named later.
The WS-Context specification is of particular interest. It provides "a definition, a structuring mechanism, and service definitions for organizing and sharing context across multiple execution endpoints." Context may include a range of information but always include
"A mandatory wsctx:contextIdentifierType called wsctx:context-identifier. This identifier can be thought of as a “correlation” identifier or a value that is used to indicate that a Web service is part of the same activity. The wsctx:contextIdentifierType is a URI with an optional wsu:Id attribute. It MUST be unique."
While the specification is pretty general, it also states that "where messages (either application messages, or WS-Context protocol messages themselves) require contextualization, the context is transported in a SOAP header block".
I couldn't see a proposed date for OASIS standardization for WS-Context. A recent draft has been published and is being worked on (also discussion of interop). My guess would be that it would be an OASIS standard by end-of-year.
SUMMARY:
The WS-Context specification appears to provide a solution to some of the requirements described in Gary's message. However, the term "Session Context" is absent from WS-Context so maybe there are some requirements (e.g., session time-out?) that are not captured there.
My own suggestion in that space is that concepts like sessioning and time-outs should definitely be left to the security layer (distinct from both WS-CAF and SPML) and I question whether the PSTC should provide any additional support for it within SPML. Unfortunately, a general purpose sessioning model for messages is not yet under development by a standards body. There is a draft produced by a group of vendors called WS-SecureConversation but I have no idea when it will move to a standards group.
REFERENCES
---------------------
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]