RE: [KEYPROV] Re: [APPS-REVIEW] Review of HTTP Binding for DSKPP

[Chris Newman <Chris.Newman at Sun.COM>]

Hallam-Baker, Phillip wrote on 10/4/07 12:11 -0700:
> <hat chair=off>
>
> This is a very troubling statement in my view.

I also find the situation troubling and welcome debate on the topic.

> Web Services is a standards based architecture with broad industry-wide
> support. Keith's RFC was written in 2002 before the Web Services architecture
> was developed. There is clearly a conflict between the views being advance
> here and established practice for the design and implementation of Web
> Services based specifications.
>
> It is not helpful here if the IETF is going to insist on a separate
> definition of Web Services specifications that is not in sync with where the
> Web Services world is.

When protocols are built using OASIS or W3C protocols such as services layered 
on SOAP over HTTP, then we're entering an area where the IETF lacks expertise. 
One of the litmus tests for such work is that it has rough consensus both 
within the IETF and with the other standards organizations.

However, I will observe that the IETF WebDAV family of protocols has gone in a 
quite different direction from the SOAP over HTTP web services protocols.  So 
our use of port 80 is already not in sync with the rest of the web services 
world.

> Either the BCP56 view is right in which case we need the proponents of this
> view to be talking to the wider Web Services world (OASIS, W3C) and arriving
> at a consensus position or the BCP56 view is obsolete and needs to be updated.

I suspect reality lies somewhere in the middle.

> In either case this is an issue that the IAB needs to address. BCP56 is their
> work product, I believe. They need to be maintaining it.

I'm not sure the IAB has the correct composition of individuals to address 
these concerns, particularly in the area of web services and web protocols.  It 
might be better if a revision to BCP 56 was driven by individuals with the 
appropriate expertise working with the IAB as necessary.

> In particular the idea that WSDL is somehow dispensible as a component in the
> Web Services architecture is not a widely held position within the Web
> Services world.

As an area director, I will not require WSDL until there is community consensus 
within the IETF that it should be required.  We already have far too many bars 
to jump over to get standards approved and I'm not inclined to add new ones 
absent evidence of substantial value.  The message was forwarded somewhat out 
of context -- I was asked if I would require a WSDL profile and I answered that 
question.  If I were asked the question "should a W3C/OASIS standards based web 
service have a WSDL profile?", my answer would be "ask the W3C/OASIS 
communities".

> The port number issue is somewhat more complex. The number of Web Services is
> rapidly expanding and the idea of one port per Web Service is simply not
> sustainable. We only have 65536 ports and we are going to have far more Web
> Services in use.
>
> We already have a technology that meets this need - the SRV record. Unlike
> some recent DNS records there is absoluely no problem with support for SRV
> record deployment. Practically all the DNS servers in service, including
> Windows support SRV.
>
> Rather than registering a port for the KEYPROV protocol we should instead
> define an SRV prefix. Wildcarding issues are not relevant in this particular
> case.

I find this proposal very interesting.  To me, the underlying value of separate 
ports is the benefit of architectural separation of components (security, 
software design, multi-vendor interoperability, etc).  If the community chooses 
an alternative mechanism to provide that value, I suspect that would address 
the underlying motivation of the discussion in BCP 56 about separate ports.

               - Chris



_______________________________________________
APPS-REVIEW mailing list
APPS-REVIEW at ietf.org
https://www1.ietf.org/mailman/listinfo/apps-review