Andrew Grimshaw wrote: [...]
I'm not suggesting that we make WSRF a requirement by any stretch of the imagination ...
I would like to contribute my point of view to the discussion about existing specifications. I'm personally not against any existing WS-* specification, and I'm willing to implement everything we decide is necessary for our "PGI-profile" (or "PGI-specification", or whatever). However, from a strictly technical point of view, my concerns can be summarized by the attached diagram. Each node denotes a WS-* specification; the red nodes are the WS-RF specification family. I put an arc from X to Y iff in the "Normative References" section of document X there is an entry for document Y. Note: this does _NOT_ mean that specification X strictly depends on specification Y, but it was easy to quickly understand the "relations" among specifications. Furthermore, I stopped at the first level (I did not check the "dependencies" of WS-Topics, WS-BaseNotification and so forth, but I think that it would be a nice exercise to try some day...). The general point is that the WS-* family of specifications has internal dependencies which make implementation efforts quite time consuming, because you not only need to support specification X, but also all other specifications which X depends upon. Note that there are some libraries implementing some of these specifications (in the past, for example, we used OpenSAML to support the SAML specification), but nevertheless specific hooks to these libraries must be made in the main application code, which is still time-consuming. In my opinion there is a solution around this problem, and is exactly we discussed about the WS-SecureAddressing specification. Should we decide that a PGI-compliant execution service MUST implement specification WS-X, we should explicitly state which (hopefully SMALL) strict subset of WS-X MUST be supported; the rest of WS-X of course MAY be supported, but that is not required. In this way I hope that implementers won'd need to skim through hundreds of pages of additional specifications, and needing to implement them as dependencies for our PGI stuff. For the WS-SecureAddressing stuff we talked about requiring to recognize basically a URI embedded inside a small XML fragment containing an appropriate namespace telling which security setting the endpoint supports. If we are able to state that in a precise and hopefully self-contained way, I think that we will make implementers (starting from myself :-) ) extremely happy. Moreno. -- Moreno Marzolla INFN Sezione di Padova, via Marzolo 8, 35131 PADOVA, Italy EMail: moreno.marzolla@pd.infn.it Phone: +39 049 8277103 WWW : http://www.dsi.unive.it/~marzolla Fax : +39 049 8756233
