DSML Teleconference -
--------------------------------------------------
James Tauber, Chair
Christine Tomlinson
Gavenraj Sodhi
Jeff Parham
Keith Attenborough
Rob Weltman
Shon Vella
Tony Gullotta
Jeff Bohren
Joel Munter
---------------------------------------
F2F Thoughts
Host: Microsoft
Date: Mid-September?? (September 20 - 21st)??
---------------------------------------
Christine: Soap Binding Proposal
Overview of Proposal
- ..., Each soap request is defined by batch.xsd or DSMLv2.xsd (Request is defined in batch.xsd - envelope which
permit multiple operations in a top level element, or operations from DSMLv2 schema - individual operations which
are present).
- DSMLv2 Soap requires that you be able to send batch form of operations as well as operations. SOAP
node, responder or requester, indicate in soap header field, the top level element or body element.
- Sending a single DSML request that is not contained in batch request which work best with connection with HTTPS and HTTP1.1
- Soap Responses are going to be defined as batch response or batch search response
- An error response, what happens? LDAP result, what do you do?
Comments:
Andy: Regarding 2nd example: e.g., multiple requests... 2nd and 4th had errors, looks like you put errors in soap faults.
- Details are batch responses.
- If fault, then everything failed? Not completely in Black & White. Should not use fault codes if not completely failed.
- DSMLv2 core and specification of batch schema into transport binding. Should cover some aspect of binding.
- Should then discuss this at F2F.
- Has everyone agreed on Filter strategy?
- Another is attributes on search request.
- Microsoft is willing to comprise on XML representation of Filter and search request as part of DSMLv2.
- Need to get list of current open issues.
Specific issues:
- Multi-operation of a payload
- How you encode a single response?
- What is really mandated of an implementation?
- Every implementation should not include batching.
- Optimization
- Fundamental objection to coding a single request in batch envelope?
- Microsoft will relook at proposal.
- Novell: Consistent structure to have batch form.
Other open issues:
- Concern that iPlanet proposal on error response may have broken something.
Consensus- XML Representation on Filters? (Email vote)
- General idea -
Consensus- Attribute List (Email vote)
- Substring may have been a bit verbose and lingual
- Initial and final would be fixed strings and any element would be wild card?
- RFC 2254, section 3 & 4
- Understood now.
----
- When is something an attribute and when is something an element
- Constraints object is an attribute
- DSML value may be large (e.g., multi-variable value) is an element
----
Any other issues??
- Is BIND still an open issue?
- Current proposal is to send Bind over?
- Intent is, whatever security is used at transport level, you may have information that is like a digital certificate or ticket that can be used in different ways for access control in a directory. Bind with a principal in it, you can convey level of DSML, what identity is trying to perform the operation which may not be clear in the first place.
- e.g., iPlanet directory server mechanism
- Doesn't depend on BIND operation?
- No. Information between proxy and server is conveyed by a control.
- Proposal for bind is to allow control over every operation...
- Would a general DSML gateway do this?
- Gateway circumstance, is that BIND operation would be remembered at Gateway and would trigger a proxyauth control, if proxyauth control is supported by back-end servers.
- Some directory servers don't support this?
Conversation will continue on list...