wsrm 1.1 spec os 01

Notes:	Hide Notes

Slide 1: 1 2 3 4 Web Services Reliable Messaging (WSReliableMessaging) Version 1.1 OASIS Standard 14 June 2007 5 Specification URIs: 6 This Version: 7 http://docs.oasis-open.org/ws-rx/wsrm/200702/wsrm-1.1-spec-os-01.pdf 8 http://docs.oasis-open.org/ws-rx/wsrm/200702/wsrm-1.1-spec-os-01.html 9 http://docs.oasis-open.org/ws-rx/wsrm/200702/wsrm-1.1-spec-os-01.doc 10 Previous Version: 11 http://docs.oasis-open.org/ws-rx/wsrm/200702/wsrm-1.1-spec-cs-01.pdf 12 http://docs.oasis-open.org/ws-rx/wsrm/200702/wsrm-1.1-spec-cs-01.html 13 http://docs.oasis-open.org/ws-rx/wsrm/200702/wsrm-1.1-spec-cs-01.doc 14 Latest Version: 15 http://docs.oasis-open.org/ws-rx/wsrm/v1.1/wsrm.pdf 16 http://docs.oasis-open.org/ws-rx/wsrm/v1.1/wsrm.html 17 http://docs.oasis-open.org/ws-rx/wsrm/v1.1/wsrm.doc 18 Technical Committee: 19 OASIS Web Services Reliable Exchange (WS-RX) TC 20 Chairs: 21 Paul Fremantle <paul@wso2.com> 22 Sanjay Patil <sanjay.patil@sap.com> 23 Editors: 24 Doug Davis, IBM <dug@us.ibm.com> 25 Anish Karmarkar, Oracle <Anish.Karmarkar@oracle.com> 26 Gilbert Pilz, BEA <gpilz@bea.com> 27 Steve Winkler, SAP <steve.winkler@sap.com> 28 Ümit Yalçinalp, SAP <umit.yalcinalp@sap.com> 29 Related Work: 30 This specification replaces or supercedes: 31  WS-ReliableMessaging v1.0 32 Declared XML Namespaces: 33 http://docs.oasis-open.org/ws-rx/wsrm/200702 34 Abstract: 35 This specification (WS-ReliableMessaging) describes a protocol that allows messages to be 36 transferred reliably between nodes implementing this protocol in the presence of software 37 component, system, or network failures. The protocol is described in this specification in a 38 transport-independent manner allowing it to be implemented using different network technologies. 39 To support interoperable Web services, a SOAP binding is defined within this specification. wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 1 of 62 Slide 2: 40 41 42 43 44 45 46 47 48 49 The protocol defined in this specification depends upon other Web services specifications for the identification of service endpoint addresses and policies. How these are identified and retrieved are detailed within those specifications and are out of scope for this document. By using the XML [XML], SOAP [SOAP 1.1], [SOAP 1.2] and WSDL [WSDL 1.1] extensibility model, SOAP-based and WSDL-based specifications are designed to be composed with each other to define a rich Web services environment. As such, WS-ReliableMessaging by itself does not define all the features required for a complete messaging solution. WS-ReliableMessaging is a building block that is used in conjunction with other specifications and application-specific protocols to accommodate a wide variety of requirements and scenarios related to the operation of distributed Web services. 50 Status: 51 This document was last revised or approved by the WS-RX Technical Committee on the above 52 date. The level of approval is also listed above. Check the "Latest Version" or "Latest Approved 53 Version" location noted above for possible later revisions of this document. 54 55 56 57 58 59 60 61 62 63 Technical Committee members should send comments on this specification to the Technical Committee's email list. Others should send comments to the Technical Committee by using the "Send A Comment" button on the Technical Committee's web page at http://www.oasisopen.org/committees/ws-rx/. For information on whether any patents have been disclosed that may be essential to implementing this specification, and any offers of patent licensing terms, please refer to the Intellectual Property Rights section of the Technical Committee web page (http://www.oasisopen.org/committees/ws-rx/ipr.php). The non-normative errata page for this specification is located at http://www.oasisopen.org/committees/ws-rx/. wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 2 of 62 Slide 3: 64 Notices 65 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 66 All capitalized terms in the following text have the meanings assigned to them in the OASIS Intellectual 67 Property Rights Policy (the "OASIS IPR Policy"). The full Policy may be found at the OASIS website. 68 69 70 71 72 73 74 75 This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published, and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this section are included on all such copies and derivative works. However, this document itself may not be modified in any way, including by removing the copyright notice or references to OASIS, except as needed for the purpose of developing any document or deliverable produced by an OASIS Technical Committee (in which case the rules applicable to copyrights, as set forth in the OASIS IPR Policy, must be followed) or as required to translate it into languages other than English. 76 The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors 77 or assigns. 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 This document and the information contained herein is provided on an "AS IS" basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY OWNERSHIP RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. OASIS requests that any OASIS Party or any other party that believes it has patent claims that would necessarily be infringed by implementations of this OASIS Committee Specification or OASIS Standard, to notify OASIS TC Administrator and provide an indication of its willingness to grant patent licenses to such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that produced this specification. OASIS invites any party to contact the OASIS TC Administrator if it is aware of a claim of ownership of any patent claims that would necessarily be infringed by implementations of this specification by a patent holder that is not willing to provide a license to such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that produced this specification. OASIS may include such claims on its website, but disclaims any obligation to do so. OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS' procedures with respect to rights in any document or deliverable produced by an OASIS Technical Committee can be found on the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this OASIS Committee Specification or OASIS Standard, can be obtained from the OASIS TC Administrator. OASIS makes no representation that any information or list of intellectual property rights will at any time be complete, or that any claims in such list are, in fact, Essential Claims. The name "OASIS", WS-ReliableMessaging, WSRM and WS-RX are trademarks of OASIS, the owner and developer of this specification, and should be used only to refer to the organization and its official outputs. OASIS welcomes reference to, and implementation and use of, specifications, while reserving the right to enforce its marks against misleading uses. Please see http://www.oasisopen.org/who/trademark.php for above guidance. wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 3 of 62 Slide 4: 109 Table of Contents Introduction ...................................................................................................................................... 6 1.1 Terminology ................................................................................................................................... 6 1.2 Normative References .................................................................................................................... 7 1.3 Non-Normative References............................................................................................................. 7 1.4 Namespace .................................................................................................................................... 8 1.5 Conformance .................................................................................................................................. 9 Reliable Messaging Model ............................................................................................................. 10 2.1 Glossary ....................................................................................................................................... 11 2.2 Protocol Preconditions .................................................................................................................. 12 2.3 Protocol Invariants ........................................................................................................................ 12 2.4 Delivery Assurances ..................................................................................................................... 12 2.5 Example Message Exchange........................................................................................................ 13 RM Protocol Elements.................................................................................................................... 16 3.1 Considerations on the Use of Extensibility Points .......................................................................... 16 3.2 Considerations on the Use of "Piggy-Backing" .............................................................................. 16 3.3 Composition with WS-Addressing ................................................................................................. 16 3.4 Sequence Creation ....................................................................................................................... 17 3.5 Closing A Sequence ..................................................................................................................... 21 3.6 Sequence Termination.................................................................................................................. 23 3.7 Sequences ................................................................................................................................... 25 3.8 Request Acknowledgement .......................................................................................................... 26 3.9 Sequence Acknowledgement........................................................................................................ 27 Faults............................................................................................................................................. 30 4.1 SequenceFault Element................................................................................................................ 31 4.2 Sequence Terminated .................................................................................................................. 32 4.3 Unknown Sequence...................................................................................................................... 32 4.4 Invalid Acknowledgement ............................................................................................................. 33 4.5 Message Number Rollover ........................................................................................................... 33 4.6 Create Sequence Refused ............................................................................................................ 34 4.7 Sequence Closed ......................................................................................................................... 34 4.8 WSRM Required........................................................................................................................... 35 Security Threats and Countermeasures .......................................................................................... 36 5.1 Threats and Countermeasures ..................................................................................................... 36 5.2 Security Solutions and Technologies ............................................................................................ 38 Securing Sequences ...................................................................................................................... 41 14 June 2007 Page 4 of 62 110 1 111 112 113 114 115 116 2 117 118 119 120 121 122 3 123 124 125 126 127 128 129 130 131 132 4 133 134 135 136 137 138 139 140 141 5 142 143 144 6 wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. Slide 5: 145 146 6.1 Securing Sequences Using WS-Security ...................................................................................... 41 6.2 Securing Sequences Using SSL/TLS ............................................................................................ 42 147 Appendix A. Schema .............................................................................................................................. 44 148 Appendix B. WSDL ................................................................................................................................. 49 149 Appendix C. Message Examples ............................................................................................................ 51 150 151 152 153 154 Appendix C.1 Create Sequence.......................................................................................................... 51 Appendix C.2 Initial Transmission ....................................................................................................... 51 Appendix C.3 First Acknowledgement ................................................................................................ 53 Appendix C.4 Retransmission............................................................................................................. 53 Appendix C.5 Termination .................................................................................................................. 54 155 Appendix D. State Tables ....................................................................................................................... 56 156 Appendix E. Acknowledgments ............................................................................................................... 61 157 wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 5 of 62 Slide 6: 158 159 160 161 162 163 164 165 166 167 168 1 Introduction It is often a requirement for two Web services that wish to communicate to do so reliably in the presence of software component, system, or network failures. The primary goal of this specification is to create a modular mechanism for reliable transfer of messages. It defines a messaging protocol to identify, track, and manage the reliable transfer of messages between a source and a destination. It also defines a SOAP binding that is required for interoperability. Additional bindings can be defined. This mechanism is extensible allowing additional functionality, such as security, to be tightly integrated. This specification integrates with and complements the WS-Security [WS-Security], WS-Policy [WSPolicy], and other Web services specifications. Combined, these allow for a broad range of reliable, secure messaging options. 1.1 Terminology 169 The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD 170 NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described 171 in RFC 2119 [KEYWORDS]. 172 This specification uses the following syntax to define normative outlines for messages: 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187      The syntax appears as an XML instance, but values in italics indicate data types instead of values. Characters are appended to elements and attributes to indicate cardinality: o o o "?" (0 or 1) "" (0 or more) "+" (1 or more) The character "\|" is used to indicate a choice between alternatives. The characters "[" and "]" are used to indicate that contained items are to be treated as a group with respect to cardinality or choice. An ellipsis (i.e. "...") indicates a point of extensibility that allows other child or attribute content specified in this document. Additional children elements and/or attributes MAY be added at the indicated extension points but they MUST NOT contradict the semantics of the parent and/or owner, respectively. If an extension is not recognized it SHOULD be ignored. XML namespace prefixes (see section 1.4) are used to indicate the namespace of the element being defined.  188 Elements and Attributes defined by this specification are referred to in the text of this document using 189 XPath 1.0 [XPath_10] expressions. Extensibility points are referred to using an extended version of this 190 syntax: 191 192 193 194 195 196  An element extensibility point is referred to using {any} in place of the element name. This indicates that any element name can be used, from any namespace other than the wsrm: namespace. An attribute extensibility point is referred to using @{any} in place of the attribute name. This indicates that any attribute name can be used, from any namespace other than the wsrm: namespace. 14 June 2007 Page 6 of 62  wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. Slide 7: 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 1.2 Normative References [KEYWORDS] S. Bradner, “Key words for use in RFCs to Indicate Requirement Levels,” RFC 2119, Harvard University, March 1997 http://www.ietf.org/rfc/rfc2119.txt OASIS WS-RX Technical OASIS Standard, "Web Services Reliable Messaging Policy Assertion( WS-RM Policy)," June 2007 http://docs.oasis-open.org/ws-rx/wsrmp/v1.1/wsrmp.pdf W3C Note, "SOAP: Simple Object Access Protocol 1.1," 08 May 2000. http://www.w3.org/TR/2000/NOTE-SOAP-20000508/ W3C Recommendation, "SOAP Version 1.2 Part 1: Messaging Framework" June 2003. http://www.w3.org/TR/2003/REC-soap12-part1-20030624/ T. Berners-Lee, R. Fielding, L. Masinter, "Uniform Resource Identifiers (URI): Generic Syntax," RFC 3986, MIT/LCS, U.C. Irvine, Xerox Corporation, January 2005. http://ietf.org/rfc/rfc3986 P. Leach, M. Mealling, R. Salz, "A Universally Unique IDentifier (UUID) URN Namespace," RFC 4122, Microsoft, Refactored Networks - LLC, DataPower Technology Inc, July 2005 http://www.ietf.org/rfc/rfc4122.txt W3C Recommendation, "Extensible Markup Language (XML) 1.0 (Fourth Edition)", September 2006. http://www.w3.org/TR/REC-xml/ [WS-RM Policy] [SOAP 1.1] [SOAP 1.2] [URI] [UUID] [XML] [XML-ns] W3C Recommendation, "Namespaces in XML," 14 January 1999. http://www.w3.org/TR/1999/REC-xml-names-19990114/ [XML-Schema Part1] W3C Recommendation, "XML Schema Part 1: Structures," October 2004. http://www.w3.org/TR/xmlschema-1/ [XML-Schema Part2] W3C Recommendation, "XML Schema Part 2: Datatypes," October 2004. http://www.w3.org/TR/xmlschema-2/ [XPATH 1.0] W3C Recommendation, "XML Path Language (XPath) Version 1.0," 16 November 1999. http://www.w3.org/TR/xpath [WSDL 1.1] W3C Note, "Web Services Description Language (WSDL 1.1)," 15 March 2001. http://www.w3.org/TR/2001/NOTE-wsdl-20010315 [WS-Addressing] W3C Recommendation, “Web Services Addressing 1.0 – Core,” May 2006. http://www.w3.org/TR/2006/REC-ws-addr-core-20060509/ W3C Recommendation, “Web Services Addressing 1.0 – SOAP Binding,” May 2006 http://www.w3.org/TR/2006/REC-ws-addr-soap-20060509/ 1.3 Non-Normative References [BSP 1.0] WS-I Working Group Draft. "Basic Security Profile Version 1.0," August 2006 http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html Jonathan Borden, Tim Bray, eds. “Resource Directory Description Language (RDDL) 2.0,” January 2004 http://www.openhealth.org/RDDL/20040118/rddl-20040118.html J. Franks, P. Hallam-Baker, J. Hostetler, S. Lawrence, P. Leach, A. Loutonen, L. Stewart, "HTTP Authentication: Basic and Digest Access Authentication," June 14 June 2007 Page 7 of 62 [RDDL 2.0] [RFC 2617] wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. Slide 8: 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 [RFC 4346] 1999. http://www.ietf.org/rfc/rfc2617.txt T. Dierks, E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.1," April 2006. http://www.ietf.org/rfc/rfc4346.txt W3C Member Submission "Web Services Policy 1.2 - Framework", April 2006 http://www.w3.org/Submission/2006/SUBM-WS-Policy-20060425/ W3C Candidate Recommendation, "Web Services Policy 1.5 - Framework," February 2007. http://www.w3.org/TR/2007/CR-ws-policy-20070228 [WS-Policy] [WS-PolicyAttachment] W3C Member Submission "Web Services Policy 1.2 - Attachment", April 2006 http://www.w3.org/Submission/2006/SUBM-WS-PolicyAttachment-20060425/ W3C Candidate Recommendation, "Web Services Policy 1.5 - Attachment," February 2007. http://www.w3.org/TR/2007/CR-ws-policy-attach-20070228 Anthony Nadalin, Chris Kaler, Phillip Hallam-Baker, Ronald Monzillo, eds. "OASIS Web Services Security: SOAP Message Security 1.0 (WS-Security 2004)", OASIS Standard 200401, March 2004. http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-messagesecurity-1.0.pdf Anthony Nadalin, Chris Kaler, Phillip Hallam-Baker, Ronald Monzillo, eds. "OASIS Web Services Se-curity: SOAP Message Security 1.1 (WS-Security 2004)", OASIS Standard 200602, February 2006. http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-os-SOAPMessageSecurity.pdf [RTTM] V. Jacobson, R. Braden, D. Borman, "TCP Extensions for High Performance", RFC 1323, May 1992. http://www.rfc-editor.org/rfc/rfc1323.txt G. Della-Libra, et. al. "Web Services Security Policy Language (WSSecurityPolicy)", July 2005 http://specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.pdf [WS-Security] [SecurityPolicy] [SecureConversation] S. Anderson, et al, "Web Services Secure Conversation Language (WSSecureConversation)," February 2005. http://schemas.xmlsoap.org/ws/2004/04/sc/ [Trust] S. Anderson, et al, "Web Services Trust Language (WS-Trust)," February 2005. http://schemas.xmlsoap.org/ws/2005/02/trust 1.4 Namespace http://docs.oasis-open.org/ws-rx/wsrm/200702 285 The XML namespace [XML-ns] URI that MUST be used by implementations of this specification is: 286 287 Dereferencing the above URI will produce the Resource Directory Description Language [RDDL 2.0] 288 document that describes this namespace. 289 Table 1 lists the XML namespaces that are used in this specification. The choice of any namespace prefix 290 is arbitrary and not semantically significant. 291 Table 1 Prefix Namespace 14 June 2007 Page 8 of 62 wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. Slide 9: S S11 S12 wsrm wsa wsam wsse xs (Either SOAP 1.1 or 1.2) http://schemas.xmlsoap.org/soap/envelope/ http://www.w3.org/2003/05/soap-envelope http://docs.oasis-open.org/ws-rx/wsrm/200702 http://www.w3.org/2005/08/addressing http://www.w3.org/2007/02/addressing/metadata http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd http://www.w3.org/2001/XMLSchema 292 The normative schema for WS-ReliableMessaging can be found linked from the namespace document 293 that is located at the namespace URI specified above. 294 All sections explicitly noted as examples are informational and are not to be considered normative. 295 296 297 298 299 1.5 Conformance An implementation is not conformant with this specification if it fails to satisfy one or more of the MUST or REQUIRED level requirements defined herein. A SOAP Node MUST NOT use the XML namespace identifier for this specification (listed in section 1.4) within SOAP Envelopes unless it is conformant with this specification. 300 Normative text within this specification takes precedence over normative outlines, which in turn take 301 precedence over the XML Schema [XML Schema Part 1, Part 2] descriptions. wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 9 of 62 Slide 10: 302 2 Reliable Messaging Model The WS-ReliableMessaging specification defines an interoperable protocol that enables a Reliable Messaging (RM) Source to accurately determine the disposition of each message it Transmits as perceived by the RM Destination, so as to allow it to resolve any in-doubt status regarding receipt of the message Transmitted. The protocol also enables an RM Destination to efficiently determine which of those messages it Receives have been previously Received, enabling it to filter out duplicate message transmissions caused by the retransmission, by the RM Source, of an unacknowledged message. It also enables an RM Destination to Deliver the messages it Receives to the Application Destination in the order in which they were sent by an Application Source, in the event that they are Received out of order. Note that this specification places no restriction on the scope of the RM Source or RM Destination entities. For example, either can span multiple WSDL Ports or Endpoints. The protocol enables the implementation of a broad range of reliability features which include ordered Delivery, duplicate elimination, and guaranteed receipt. The protocol can also be implemented with a range of robustness characteristics ranging from in-memory persistence that is scoped to a single process lifetime, to replicated durable storage that is recoverable in all but the most extreme circumstances. It is expected that the Endpoints will implement as many or as few of these reliability characteristics as necessary for the correct operation of the application using the protocol. Regardless of which of the reliability features is enabled, the wire protocol does not change. Figure 1 below illustrates the entities and events in a simple reliable exchange of messages. First, the Application Source Sends a message for reliable transfer. The Reliable Messaging Source accepts the message and Transmits it one or more times. After accepting the message, the RM Destination Acknowledges it. Finally, the RM Destination Delivers the message to the Application Destination. The exact roles the entities play and the complete meaning of the events will be defined throughout this specification. 303 Many errors can interrupt a conversation. Messages can be lost, duplicated or reordered. Further the host 304 systems can experience failures and lose volatile state. 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 10 of 62 Slide 11: Initial Sender Application Source Send Ultimate Receiver Application Destination Deliver RM Source Transmit Acknowledge Scope of RM Protocol 328 Figure 1: Reliable Messaging Model RM Destination Receive 329 2.1 Glossary 330 The following definitions are used throughout this specification: 331 Accept: The act of qualifying a message by the RM Destination such that it becomes eligible for Delivery 332 and acknowledgement. 333 Acknowledgement: The communication from the RM Destination to the RM Source indicating the 334 successful receipt of a message. 335 Acknowledgement Message: A message containing a SequenceAcknowledgement header block. 336 Acknowledgement Messages may or may not contain a SOAP body. 337 Acknowledgement Request: A message containing an AckRequested header. Acknowledgement 338 Requests may or may not contain a SOAP body. 339 Application Destination: The Endpoint to which a message is Delivered. 340 Application Source: The Endpoint that Sends a message. 341 Back-channel: When the underlying transport provides a mechanism to return a transport-protocol 342 specific response, capable of carrying a SOAP message, without initiating a new connection, this 343 specification refers to this mechanism as a back-channel. 344 Deliver: The act of transferring responsibility for a message from the RM Destination to the Application 345 Destination. 346 Endpoint: As defined in the WS-Addressing specification [WS-Addressing]; a Web service Endpoint is a 347 (referenceable) entity, processor, or resource to which Web service messages can be addressed. 348 Endpoint references (EPRs) convey the information needed to address a Web service Endpoint. 349 Receive: The act of reading a message from a network connection and accepting it. 350 RM Destination: The Endpoint that Receives messages Transmitted reliably from an RM Source. 351 RM Protocol Header Block: One of Sequence, SequenceAcknowledgement, or AckRequested. 352 RM Source: The Endpoint that Transmits messages reliably to an RM Destination. wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 11 of 62 Slide 12: 353 Send: The act of transferring a message from the Application Source to the RM Source for reliable 354 transfer. 355 Sequence Lifecycle Message: A message that contains one of: CreateSequence, 356 CreateSequenceResponse, CloseSequence, CloseSequenceResponse, TerminateSequence, 357 TerminateSequenceResponse as the child element of the SOAP body element. 358 Sequence Traffic Message: A message containing a Sequence header block. 359 Transmit: The act of writing a message to a network connection. 360 2.2 Protocol Preconditions 361 The correct operation of the protocol requires that a number of preconditions MUST be established prior to 362 the processing of the initial sequenced message: 363 364 365 366 367 368 369 370     For any single message exchange the RM Source MUST have an endpoint reference that uniquely identifies the RM Destination Endpoint. The RM Source MUST have successfully created a Sequence with the RM Destination. The RM Source MUST be capable of formulating messages that adhere to the RM Destination's policies. If a secure exchange of messages is REQUIRED, then the RM Source and RM Destination MUST have a security context. 2.3 Protocol Invariants  The RM Source MUST assign each message within a Sequence a message number (defined below) beginning at 1 and increasing by exactly 1 for each subsequent message. These numbers MUST be assigned in the same order in which messages are sent by the Application Source. Within every Acknowledgement Message it issues, the RM Destination MUST include one or more AcknowledgementRange child elements that contain, in their collective ranges, the message number of every message accepted by the RM Destination. The RM Destination MUST exclude, in the AcknowledgementRange elements, the message numbers of any messages it has not accepted. If no messages have been received the RM Destination MUST return None instead of an AcknowledgementRange(s). The RM Destination MAY transmit a Nack for a specific message or messages instead of an AcknowledgementRange(s). While the Sequence is not closed or terminated, the RM Source SHOULD retransmit unacknowledged messages. 371 During the lifetime of a Sequence, the following invariants are REQUIRED for correctness: 372 373 374 375 376 377 378 379 380 381 382 383 384   2.4 Delivery Assurances 385 This section defines a number of Delivery Assurance assertions, which can be supported by RM Sources 386 and RM Destinations. These assertions can be specified as policy assertions using the WS-Policy 387 framework [WS-Policy]. For details on this see the WSRM Policy specification [WS-RM Policy]. 388 AtLeastOnce 389 Each message is to be delivered at least once, or else an error MUST be raised by the RM 390 Source and/or RM Destination. The requirement on an RM Source is that it SHOULD retry 391 transmission of every message sent by the Application Source until it receives an wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 12 of 62 Slide 13: 392 393 394 395 acknowledgement from the RM Destination. The requirement on the RM Destination is that it SHOULD retry the transfer to the Application Destination of any message that it accepts from the RM Source, until that message has been successfully delivered. There is no requirement for the RM Destination to apply duplicate message filtering. 396 AtMostOnce 397 398 399 400 Each message is to be delivered at most once. The RM Source MAY retry transmission of unacknowledged messages, but is NOT REQUIRED to do so. The requirement on the RM Destination is that it MUST filter out duplicate messages, i.e. that it MUST NOT deliver a duplicate of a message that has already been delivered. 401 ExactlyOnce 402 Each message is to be delivered exactly once; if a message cannot be delivered then an error 403 MUST be raised by the RM Source and/or RM Destination. The requirement on an RM Source is 404 that it SHOULD retry transmission of every message sent by the Application Source until it 405 receives an acknowledgement from the RM Destination. The requirement on the RM Destination 406 is that it SHOULD retry the transfer to the Application Destination of any message that it accepts 407 from the RM Source until that message has been successfully delivered, and that it MUST NOT 408 deliver a duplicate of a message that has already been delivered. 409 InOrder 410 Messages from each individual sequence are to be delivered in the same order they have been 411 sent by the Application Source. The requirement on an RM Source is that it MUST ensure that the 412 ordinal position of each message in the sequence (as indicated by a message sequence number) 413 is consistent with the order in which the messages have been sent from the Application Source. 414 The requirement on the RM Destination is that it MUST deliver received messages for each 415 sequence in the order indicated by the message numbering. This DeliveryAssurance can be used 416 in combination with any of the AtLeastOnce, AtMostOnce or ExactlyOnce assertions, and the 417 requirements of those assertions MUST also be met. In particular if the AtLeastOnce or 418 ExactlyOnce assertion applies and the RM Destination detects a gap in the sequence then the 419 RM Destination MUST NOT deliver any subsequent messages from that sequence until the 420 missing messages are received or until the sequence is closed. 421 2.5 Example Message Exchange 422 Figure 2 illustrates a possible message exchange between two reliable messaging Endpoints A and B. wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 13 of 62 Slide 14: Endpoint A Reliable Messaging Protocol Establish Protocol Preconditions Endpoint B CreateSequence() CreateSequenceResponse( Identifier=http://fabrikam123.com/abc ) Sequence( Identifier = http://fabrikam123.com/abc, MessageNumber = 1 ) Sequence( Identifier = http://fabrikam123.com/abc, MessageNumber = 2 ) X Sequence( Identifier = http://fabrikam123.com/abc, MessageNumber = 3, AckRequested ) SequenceAcknowledgement( Identifier = http://fabrikam123.com/abc, AcknowledgementRange = 1,3 ) Sequence( Identifier = http://fabrikam123.com/abc,MessageNumber = 2, AckRequested) SequenceAcknowledgement( Identifier = http://fabrikam123.com/abc, AcknowledgementRange = 1...3 ) TerminateSequence( Identifier = http://fabrikam123.com/abc ) TerminateSequenceResponse( Identifier=http://fabrikam123.com/abc,LastMsgNumber=3 ) 423 Figure 2: The WS-ReliableMessaging Protocol 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 1. The protocol preconditions are established. These include policy exchange, endpoint resolution, and establishing trust. 2. The RM Source requests creation of a new Sequence. 3. The RM Destination creates a new Sequence and returns its unique identifier. 4. The RM Source begins Transmitting messages in the Sequence beginning with MessageNumber 1. In the figure above, the RM Source sends 3 messages in the Sequence. 5. The 2nd message in the Sequence is lost in transit. 6. The 3rd message is the last in this Sequence and the RM Source includes an AckRequested header to ensure that it gets a timely SequenceAcknowledgement for the Sequence. 7. The RM Destination acknowledges receipt of message numbers 1 and 3 as a result of receiving the RM Source's AckRequested header. 8. The RM Source retransmits the unacknowledged message with MessageNumber 2. This is a new message from the perspective of the underlying transport, but it has the same Sequence Identifier and MessageNumber so the RM Destination can recognize it as a duplicate of the earlier message, in case the original and retransmitted messages are both Received. The RM Source includes an AckRequested header in the retransmitted message so the RM Destination will expedite an acknowledgement. wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 14 of 62 Slide 15: 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 9. The RM Destination Receives the second transmission of the message with MessageNumber 2 and acknowledges receipt of message numbers 1, 2, and 3. 10. The RM Source Receives this Acknowledgement and sends a TerminateSequence message to the RM Destination indicating that the Sequence is completed. The TerminateSequence message indicates that message number 3 was the last message in the Sequence. The RM Destination then reclaims any resources associated with the Sequence. 11. The RM Destination Receives the TerminateSequence message indicating that the RM Source will not be sending any more messages. The RM Destination sends a TerminateSequenceResponse message to the RM Source and reclaims any resources associated with the Sequence. The RM Source will expect to Receive Acknowledgements from the RM Destination during the course of a message exchange at occasions described in section 3 below. Should an Acknowledgement not be Received in a timely fashion, the RM Source MUST re-transmit the message since either the message or the associated Acknowledgement might have been lost. Since the nature and dynamic characteristics of the underlying transport and potential intermediaries are unknown in the general case, the timing of retransmissions cannot be specified. Additionally, over-aggressive re-transmissions have been demonstrated to cause transport or intermediary flooding which are counterproductive to the intention of providing a reliable exchange of messages. Consequently, implementers are encouraged to utilize adaptive mechanisms that dynamically adjust re-transmission time and the back-off intervals that are appropriate to the nature of the transports and intermediaries envisioned. For the case of TCP/IP transports, a mechanism similar to that described as RTTM in RFC 1323 [RTTM] SHOULD be considered. 462 Now that the basic model has been outlined, the details of the elements used in this protocol are now 463 provided in section 3. wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 15 of 62 Slide 16: 464 3 RM Protocol Elements 465 The following sub-sections define the various RM protocol elements, and prescribe their usage by a 466 conformant implementations. 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 3.1 Considerations on the Use of Extensibility Points The following protocol elements define extensibility points at various places. Implementations MAY add child elements and/or attributes at the indicated extension points but MUST NOT contradict the semantics of the parent and/or owner, respectively. If a receiver does not recognize an extension, the receiver SHOULD ignore the extension. 3.2 Considerations on the Use of "Piggy-Backing" Some RM Protocol Header Blocks may be added to messages that are targeted to the same Endpoint to which those headers are to be sent (a concept often referred to as "piggy-backing"), thus saving the overhead of an additional message exchange. Reference parameters MUST be considered when determining whether two EPRs are targeted to the same Endpoint. The determination of if and when a Header Block will be piggy-backed onto another message is made by the entity (RM Source or RM Destination) that is sending the header. In order to ensure optimal and successful processing of RM Sequences, endpoints that receive RM-related messages SHOULD be prepared to process RM Protocol Header Blocks that are included in any message it receives. See the sections that define each RM Protocol Header Block to know which ones may be considered for piggy-backing. 3.3 Composition with WS-Addressing 483 When the RM protocol, defined in this specification, is composed with the WS-Addressing specification, 484 the following rules prescribe the constraints on the value of the wsa:Action header: 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 1. When an Endpoint generates a message that carries an RM protocol element, that is defined in the following sections, in the body of a SOAP envelope that Endpoint MUST include in that envelope a wsa:Action SOAP header block whose value is an IRI that is a concatenation of the WS-RM namespace URI, followed by a "/", followed by the value of the local name of the child element of the SOAP body . For example, for a Sequence creation request message as described in section 3.4 below, the value of the wsa:Action IRI would be: http://docs.oasis-open.org/ws-rx/wsrm/200702/CreateSequence 2. When an Endpoint generates an Acknowledgement Message that has no element content in the SOAP body, then the value of the wsa:Action IRI MUST be: http://docs.oasis-open.org/ws-rx/wsrm/200702/SequenceAcknowledgement 3. When an Endpoint generates an Acknowledgement Request that has no element content in the SOAP body, then the value of the wsa:Action IRI MUST be: http://docs.oasis-open.org/ws-rx/wsrm/200702/AckRequested 4. When an Endpoint generates an RM fault as defined in section 4 below, the value of the wsa:Action IRI MUST be as defined in section 4 below. wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 16 of 62 Slide 17: 500 501 502 503 504 505 3.4 Sequence Creation The RM Source MUST request creation of an outbound Sequence by sending a CreateSequence element in the body of a message to the RM Destination which in turn responds either with a message containing CreateSequenceResponse or a CreateSequenceRefused fault. The RM Source MAY include an offer to create an inbound Sequence within the CreateSequence message. This offer is either accepted or rejected by the RM Destination in the CreateSequenceResponse message. 506 The SOAP version used for the CreateSequence message SHOULD be used for all subsequent 507 messages in or for that Sequence, sent by either the RM Source or the RM Destination. 508 The following exemplar defines the CreateSequence syntax: 509 510 511 512 513 514 515 516 517 518 519 520 521 522 <wsrm:CreateSequence ...> <wsrm:AcksTo> wsa:EndpointReferenceType </wsrm:AcksTo> <wsrm:Expires ...> xs:duration </wsrm:Expires> ? <wsrm:Offer ...> <wsrm:Identifier ...> xs:anyURI </wsrm:Identifier> <wsrm:Endpoint> wsa:EndpointReferenceType </wsrm:Endpoint> <wsrm:Expires ...> xs:duration </wsrm:Expires> ? <wsrm:IncompleteSequenceBehavior> wsrm:IncompleteSequenceBehaviorType </wsrm:IncompleteSequenceBehavior> ? ... </wsrm:Offer> ? ... </wsrm:CreateSequence> 523 The following describes the content model of the CreateSequence element. 524 /wsrm:CreateSequence 525 This element requests creation of a new Sequence between the RM Source that sends it, and the 526 RM Destination to which it is sent. The RM Source MUST NOT send this element as a header 527 block. The RM Destination MUST respond either with a CreateSequenceResponse response 528 message or a CreateSequenceRefused fault. 529 /wsrm:CreateSequence/wsrm:AcksTo 530 The RM Source MUST include this element in any CreateSequence message it sends. This 531 element is of type wsa:EndpointReferenceType (as specified by WS-Addressing). It specifies 532 the endpoint reference to which messages containing SequenceAcknowledgement header 533 blocks and faults related to the created Sequence are to be sent, unless otherwise noted in this 534 specification (for example, see section 3.5). 535 536 537 538 Implementations MUST NOT use an endpoint reference in the AcksTo element that would prevent the sending of Sequence Acknowledgements back to the RM Source. For example, using the WSAddressing "http://www.w3.org/2005/08/addressing/none" IRI would make it impossible for the RM Destination to ever send Sequence Acknowledgements. 539 /wsrm:CreateSequence/wsrm:Expires 540 541 542 543 This element, if present, of type xs:duration specifies the RM Source's requested duration for the Sequence. The RM Destination MAY either accept the requested duration or assign a lesser value of its choosing. A value of "PT0S" indicates that the Sequence will never expire. Absence of the element indicates an implied value of "PT0S". 544 /wsrm:CreateSequence/wsrm:Expires/@{any} 545 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added 546 to the element. wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 17 of 62 Slide 18: 547 /wsrm:CreateSequence/wsrm:Offer 548 This element, if present, enables an RM Source to offer a corresponding Sequence for the reliable 549 exchange of messages Transmitted from RM Destination to RM Source. 550 /wsrm:CreateSequence/wsrm:Offer/wsrm:Identifier 551 The RM Source MUST set the value of this element to an absolute URI (conformant with 552 RFC3986 [URI]) that uniquely identifies the offered Sequence. 553 /wsrm:CreateSequence/wsrm:Offer/wsrm:Identifier/@{any} 554 555 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added to the element. 556 /wsrm:CreateSequence/wsrm:Offer/wsrm:Endpoint 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 An RM Source MUST include this element, of type wsa:EndpointReferenceType (as specified by WS-Addressing). This element specifies the endpoint reference to which Sequence Lifecycle Messages, Acknowledgement Requests, and fault messages related to the offered Sequence are to be sent. Implementations MUST NOT use an endpoint reference in the Endpoint element that would prevent the sending of Sequence Lifecycle Message, etc. For example, using the WS-Addressing "http://www.w3.org/2005/08/addressing/none" IRI would make it impossible for the RM Destination to ever send Sequence Lifecycle Messages (e.g. TerminateSequence) to the RM Source for the Offered Sequence. The Offer of an Endpoint containing the "http://www.w3.org/2005/08/addressing/anonymous" IRI as its address is problematic due to the inability of a source to connect to this address and retry unacknowledged messages (as described in section 2.3). Note that this specification does not define any mechanisms for providing this assurance. In the absence of an extension that addresses this issue, an RM Destination MUST NOT accept (via the /wsrm:CreateSequenceResponse/wsrm:Accept element described below) an Offer that contains the "http://www.w3.org/2005/08/addressing/anonymous" IRI as its address. 573 /wsrm:CreateSequence/wsrm:Offer/wsrm:Expires 574 575 576 This element, if present, of type xs:duration specifies the duration for the offered Sequence. A value of "PT0S" indicates that the offered Sequence will never expire. Absence of the element indicates an implied value of "PT0S". 577 /wsrm:CreateSequence/wsrm:Offer/wsrm:Expires/@{any} 578 579 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added to the element. 580 /wsrm:CreateSequence/wsrm:Offer/wsrm:IncompleteSequenceBehavior 581 582 583 584 585 586 587 588 589 590 This element, if present, specifies the behavior that the destination will exhibit upon the closure or termination of an incomplete Sequence. For the purposes of defining the values used, the term "discard" refers to behavior equivalent to the Application Destination never processing a particular message. A value of “DiscardEntireSequence” indicates that the entire Sequence MUST be discarded if the Sequence is closed, or terminated, when there are one or more gaps in the final SequenceAcknowledgement. A value of “DiscardFollowingFirstGap” indicates that messages in the Sequence beyond the first gap MUST be discarded when there are one or more gaps in the final SequenceAcknowledgement. wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 18 of 62 Slide 19: 591 592 The default value of “NoDiscard” indicates that no acknowledged messages in the Sequence will be discarded. 593 /wsrm:CreateSequence/wsrm:Offer/{any} 594 This is an extensibility mechanism to allow different (extensible) types of information, based on a 595 schema, to be passed. 596 /wsrm:CreateSequence/wsrm:Offer/@{any} 597 598 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added to the element. 599 /wsrm:CreateSequence/{any} 600 This is an extensibility mechanism to allow different (extensible) types of information, based on a 601 schema, to be passed. 602 /wsrm:CreateSequence/@{any} 603 604 605 606 607 608 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added to the element. A CreateSequenceResponse is sent in the body of a response message by an RM Destination in response to receipt of a CreateSequence request message. It carries the Identifier of the created Sequence and indicates that the RM Source can begin sending messages in the context of the identified Sequence. 609 The following exemplar defines the CreateSequenceResponse syntax: 610 611 612 613 614 615 616 617 618 619 620 621 <wsrm:CreateSequenceResponse ...> <wsrm:Identifier ...> xs:anyURI </wsrm:Identifier> <wsrm:Expires ...> xs:duration </wsrm:Expires> ? <wsrm:IncompleteSequenceBehavior> wsrm:IncompleteSequenceBehaviorType </wsrm:IncompleteSequenceBehavior> ? <wsrm:Accept ...> <wsrm:AcksTo> wsa:EndpointReferenceType </wsrm:AcksTo> ... </wsrm:Accept> ? ... </wsrm:CreateSequenceResponse> 622 The following describes the content model of the CreateSequenceResponse element. 623 /wsrm:CreateSequenceResponse 624 625 626 This element is sent in the body of the response message in response to a CreateSequence request message. It indicates that the RM Destination has created a new Sequence at the request of the RM Source. The RM Destination MUST NOT send this element as a header block. 627 /wsrm:CreateSequenceResponse/wsrm:Identifier 628 The RM Destination MUST include this element within any CreateSequenceResponse message it 629 sends. The RM Destination MUST set the value of this element to the absolute URI (conformant 630 with RFC3986) that uniquely identifies the Sequence that has been created by the RM 631 Destination. 632 /wsrm:CreateSequenceResponse/wsrm:Identifier/@{any} 633 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added 634 to the element. 635 /wsrm:CreateSequenceResponse/wsrm:Expires wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 19 of 62 Slide 20: 636 637 638 639 640 641 642 643 644 This element, if present, of type xs:duration accepts or refines the RM Source's requested duration for the Sequence. It specifies the amount of time after which any resources associated with the Sequence SHOULD be reclaimed thus causing the Sequence to be silently terminated. At the RM Destination this duration is measured from a point proximate to Sequence creation and at the RM Source this duration is measured from a point approximate to the successful processing of the CreateSequenceResponse. A value of "PT0S" indicates that the Sequence will never expire. Absence of the element indicates an implied value of "PT0S". The RM Destination MUST set the value of this element to be equal to or less than the value requested by the RM Source in the corresponding CreateSequence message. 645 /wsrm:CreateSequenceResponse/wsrm:Expires/@{any} 646 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added 647 to the element. 648 /wsrm:CreateSequenceResponse/wsrm:IncompleteSequenceBehavior 649 This element, if present, specifies the behavior that the destination will exhibit upon the closure or 650 termination of an incomplete Sequence. For the purposes of defining the values used, the term 651 "discard" refers to behavior equivalent to the Application Destination never processing a particular 652 message. 653 654 655 656 657 658 659 660 A value of “DiscardEntireSequence” indicates that the entire Sequence MUST be discarded if the Sequence is closed, or terminated, when there are one or more gaps in the final SequenceAcknowledgement. A value of “DiscardFollowingFirstGap” indicates that messages in the Sequence beyond the first gap MUST be discarded when there are one or more gaps in the final SequenceAcknowledgement. The default value of “NoDiscard” indicates that no acknowledged messages in the Sequence will be discarded. 661 /wsrm:CreateSequenceResponse/wsrm:Accept 662 This element, if present, enables an RM Destination to accept the offer of a corresponding 663 Sequence for the reliable exchange of messages Transmitted from RM Destination to RM Source. 664 665 666 Note: If a CreateSequenceResponse is returned without a child Accept in response to a CreateSequence that did contain a child Offer, then the RM Source MAY immediately reclaim any resources associated with the unused offered Sequence. 667 /wsrm:CreateSequenceResponse/wsrm:Accept/wsrm:AcksTo 668 669 670 671 672 673 674 675 The RM Destination MUST include this element, of type wsa:EndpointReferenceType (as specified by WS-Addressing). It specifies the endpoint reference to which messages containing SequenceAcknowledgement header blocks and faults related to the created Sequence are to be sent, unless otherwise noted in this specification (for example, see section3.5). Implementations MUST NOT use an endpoint reference in the AcksTo element that would prevent the sending of Sequence Acknowledgements back to the RM Source. For example, using the WSAddressing "http://www.w3.org/2005/08/addressing/none" IRI would make it impossible for the RM Destination to ever send Sequence Acknowledgements. 676 /wsrm:CreateSequenceResponse/wsrm:Accept/{any} 677 678 This is an extensibility mechanism to allow different (extensible) types of information, based on a schema, to be passed. 679 /wsrm:CreateSequenceResponse/wsrm:Accept/@{any} wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 20 of 62 Slide 21: 680 681 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added to the element. 682 /wsrm:CreateSequenceResponse/{any} 683 This is an extensibility mechanism to allow different (extensible) types of information, based on a 684 schema, to be passed. 685 /wsrm:CreateSequenceResponse/@{any} 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added to the element. 3.5 Closing A Sequence There are times during the use of an RM Sequence that the RM Source or RM Destination will wish to discontinue using a Sequence. Simply terminating the Sequence discards the state managed by the RM Destination, leaving the RM Source unaware of the final ranges of messages that were successfully transferred to the RM Destination. To ensure that the Sequence ends with a known final state either the RM Source or RM Destination MAY choose to close the Sequence before terminating it. If the RM Source wishes to close the Sequence, then it sends a CloseSequence element, in the body of a message, to the RM Destination. This message indicates that the RM Destination MUST NOT accept any new messages for the specified Sequence, other than those already accepted at the time the CloseSequence element is interpreted by the RM Destination. Upon receipt of this message, or subsequent to the RM Destination closing the Sequence of its own volition, the RM Destination MUST include a final SequenceAcknowledgement (within which the RM Destination MUST include the Final element) header block on any messages associated with the Sequence destined to the RM Source, including the CloseSequenceResponse message or on any Sequence fault Transmitted to the RM Source. To allow the RM Destination to determine if it has received all of the messages in a Sequence, the RM Source SHOULD include the LastMsgNumber element in any CloseSequence messages it sends. The RM Destination can use this information, for example, to implement the behavior indicated by /wsrm:CreateSequenceResponse/wsrm:IncompleteSequenceBehavior. The value of the LastMsgNumber element MUST be the same in all the CloseSequence messages for the closing Sequence. If the RM Destination decides to close a Sequence of its own volition, it MAY inform the RM Source of this event by sending a CloseSequence element, in the body of a message, to the AcksTo EPR of that Sequence. The RM Destination MUST include a final SequenceAcknowledgement (within which the RM Destination MUST include the Final element) header block in this message and any subsequent messages associated with the Sequence destined to the RM Source. While the RM Destination MUST NOT accept any new messages for the specified Sequence it MUST still process Sequence Lifecyle Messages and Acknowledgement Requests. For example, it MUST respond to AckRequested, TerminateSequence as well as CloseSequence messages. Note, subsequent CloseSequence messages have no effect on the state of the Sequence. In the case where the RM Destination wishes to discontinue use of a Sequence it is RECOMMENDED that it close the Sequence. Please see Final and the SequenceClosed fault. Whenever possible the SequenceClosed fault SHOULD be used in place of the SequenceTerminated fault to allow the RM Source to still Receive Acknowledgements. 722 The following exemplar defines the CloseSequence syntax: 723 724 725 <wsrm:CloseSequence ...> <wsrm:Identifier ...> xs:anyURI </wsrm:Identifier> <wsrm:LastMsgNumber> wsrm:MessageNumberType </wsrm:LastMsgNumber> ? wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 21 of 62 Slide 22: 726 727 ... </wsrm:CloseSequence> 728 The following describes the content model of the CloseSequence element. 729 /wsrm:CloseSequence 730 This element MAY be sent by an RM Source to indicate that the RM Destination MUST NOT 731 accept any new messages for this Sequence This element MAY also be sent by an RM 732 Destination to indicate that it will not accept any new messages for this Sequence. 733 /wsrm:CloseSequence/wsrm:Identifier 734 The RM Source or RM Destination MUST include this element in any CloseSequence messages it 735 sends. The RM Source or RM Destination MUST set the value of this element to the absolute URI 736 (conformant with RFC3986) of the closing Sequence. 737 /wsrm:CloseSequence/wsrm:LastMessageNumber 738 739 740 The RM Source SHOULD include this element in any CloseSequence message it sends. The LastMsgNumber element specifies the highest assigned message number of all the Sequence Traffic Messages for the closing Sequence. 741 /wsrm:CloseSequence/wsrm:Identifier/@{any} 742 743 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added to the element. 744 /wsrm:CloseSequence/{any} 745 746 This is an extensibility mechanism to allow different (extensible) types of information, based on a schema, to be passed. 747 /wsrm:CloseSequence/@{any} 748 749 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added to the element. 750 A CloseSequenceResponse is sent in the body of a message in response to receipt of a 751 CloseSequence request message. It indicates that the responder has closed the Sequence. 752 The following exemplar defines the CloseSequenceResponse syntax: 753 754 755 756 <wsrm:CloseSequenceResponse ...> <wsrm:Identifier ...> xs:anyURI </wsrm:Identifier> ... </wsrm:CloseSequenceResponse> 757 The following describes the content model of the CloseSequenceResponse element. 758 /wsrm:CloseSequenceResponse 759 760 This element is sent in the body of a message in response to receipt of a CloseSequence request message. It indicates that the responder has closed the Sequence. 761 /wsrm:CloseSequenceResponse/wsrm:Identifier 762 763 764 The responder (RM Source or RM Destination) MUST include this element in any CloseSequenceResponse message it sends. The responder MUST set the value of this element to the absolute URI (conformant with RFC3986) of the closing Sequence. 765 /wsrm:CloseSequenceResponse/wsrm:Identifier/@{any} 766 767 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added to the element. wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 22 of 62 Slide 23: 768 /wsrm:CloseSequenceResponse/{any} 769 This is an extensibility mechanism to allow different (extensible) types of information, based on a 770 schema, to be passed. 771 /wsrm:CloseSequenceResponse/@{any} 772 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added 773 to the element. 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 3.6 Sequence Termination When the RM Source has completed its use of the Sequence it sends a TerminateSequence element, in the body of a message, to the RM Destination to indicate that the Sequence is complete and that it will not be sending any further messages related to the Sequence. The RM Destination can safely reclaim any resources associated with the Sequence upon receipt of the TerminateSequence message. Under normal usage the RM Source will complete its use of the Sequence when all of the messages in the Sequence have been acknowledged. However, the RM Source is free to Terminate or Close a Sequence at any time regardless of the acknowledgement state of the messages. To allow the RM Destination to determine if it has received all of the messages in a Sequence, the RM Source SHOULD include the LastMsgNumber element in any TerminateSequence messages it sends. The RM Destination can use this information, for example, to implement the behavior indicated by /wsrm:CreateSequenceResponse/wsrm:IncompleteSequenceBehavior. The value of the LastMsgNumber element in the TerminateSequence message MUST be equal to the value of the LastMsgNumber element in any CloseSequence message(s) sent by the RM Source for the same Sequence. If the RM Destination decides to terminate a Sequence of its own volition, it MAY inform the RM Source of this event by sending a TerminateSequence element, in the body of a message, to the AcksTo EPR for that Sequence. The RM Destination MUST include a final SequenceAcknowledgement (within which the RM Destination MUST include the Final element) header block in this message. 793 The following exemplar defines the TerminateSequence syntax: 794 795 796 797 798 <wsrm:TerminateSequence ...> <wsrm:Identifier ...> xs:anyURI </wsrm:Identifier> <wsrm:LastMsgNumber> wsrm:MessageNumberType </wsrm:LastMsgNumber> ? ... </wsrm:TerminateSequence> 799 The following describes the content model of the TerminateSequence element. 800 /wsrm:TerminateSequence 801 This element MAY be sent by an RM Source to indicate it has completed its use of the Sequence. 802 It indicates that the RM Destination can safely reclaim any resources related to the identified 803 Sequence. The RM Source MUST NOT send this element as a header block. The RM Source 804 MAY retransmit this element. Once this element is sent, other than this element, the RM Source 805 MUST NOT send any additional message to the RM Destination referencing this Sequence. 806 807 808 809 810 811 This element MAY also be sent by the RM Destination to indicate that it has unilaterally terminated the Sequence. Upon sending this message the RM Destination MUST NOT accept any additional messages (with the exception of the corresponding TerminateSequenceResponse) for this Sequence. Upon receipt of a TerminateSequence the RM Source MUST NOT send any additional messages (with the exception of the corresponding TerminateSequenceResponse) for this Sequence. 812 /wsrm:TerminateSequence/wsrm:Identifier wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 23 of 62 Slide 24: 813 814 815 The RM Source or RM Destination MUST include this element in any TerminateSequence message it sends. The RM Source or RM Destination MUST set the value of this element to the absolute URI (conformant with RFC3986) of the terminating Sequence. 816 /wsrm:TerminateSequence/wsrm:LastMsgNumber 817 818 819 The RM Source SHOULD include this element in any TerminateSequence message it sends. The LastMsgNumber element specifies the highest assigned message number of all the Sequence Traffic Messages for the terminating Sequence. 820 /wsrm:TerminateSequence/wsrm:Identifier/@{any} 821 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added 822 to the element. 823 /wsrm:TerminateSequence/{any} 824 This is an extensibility mechanism to allow different (extensible) types of information, based on a 825 schema, to be passed. 826 /wsrm:TerminateSequence/@{any} 827 828 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added to the element. 829 A TerminateSequenceResponse is sent in the body of a message in response to receipt of a 830 TerminateSequence request message. It indicates that responder has terminated the Sequence. 831 The following exemplar defines the TerminateSequenceResponse syntax: 832 833 834 835 <wsrm:TerminateSequenceResponse ...> <wsrm:Identifier ...> xs:anyURI </wsrm:Identifier> ... </wsrm:TerminateSequenceResponse> 836 The following describes the content model of the TerminateSequence element. 837 /wsrm:TerminateSequenceResponse 838 839 840 This element is sent in the body of a message in response to receipt of a TerminateSequence request message. It indicates that the responder has terminated the Sequence. The responder MUST NOT send this element as a header block. 841 /wsrm:TerminateSequenceResponse/wsrm:Identifier 842 The responder (RM Source or RM Destination) MUST include this element in any 843 TerminateSequenceResponse message it sends. The responder MUST set the value of this 844 element to the absolute URI (conformant with RFC3986) of the terminating Sequence. 845 /wsrm:TerminateSequenceResponse/wsrm:Identifier/@{any} 846 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added 847 to the element. 848 /wsrm:TerminateSequenceResponse/{any} 849 This is an extensibility mechanism to allow different (extensible) types of information, based on a 850 schema, to be passed. 851 /wsrm:TerminateSequenceResponse/@{any} 852 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added 853 to the element. wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 24 of 62 Slide 25: 854 On receipt of a TerminateSequence message the receiver (RM Source or RM Destination) MUST 855 respond with a corresponding TerminateSequenceResponse message or generate a fault 856 UnknownSequenceFault if the Sequence is not known. 857 858 859 860 861 862 863 3.7 Sequences The RM protocol uses a Sequence header block to track and manage the reliable transfer of messages. The RM Source MUST include a Sequence header block in all messages for which reliable transfer is REQUIRED. The RM Source MUST identify Sequences with unique Identifier elements and the RM Source MUST assign each message within a Sequence a MessageNumber element that increments by 1 from an initial value of 1. These values are contained within a Sequence header block accompanying each message being transferred in the context of a Sequence. 864 The RM Source MUST NOT include more than one Sequence header block in any message. 865 A following exemplar defines its syntax: 866 867 868 869 870 <wsrm:Sequence ...> <wsrm:Identifier ...> xs:anyURI </wsrm:Identifier> <wsrm:MessageNumber> wsrm:MessageNumberType </wsrm:MessageNumber> ... </wsrm:Sequence> 871 The following describes the content model of the Sequence header block. 872 /wsrm:Sequence 873 This protocol element associates the message in which it is contained with a previously 874 established RM Sequence. It contains the Sequence's unique identifier and the containing 875 message's ordinal position within that Sequence. The RM Destination MUST understand the 876 Sequence header block. The RM Source MUST assign a mustUnderstand attribute with a 877 value 1/true (from the namespace corresponding to the version of SOAP to which the Sequence 878 SOAP header block is bound) to the Sequence header block element. 879 /wsrm:Sequence/wsrm:Identifier 880 881 882 An RM Source that includes a Sequence header block in a SOAP envelope MUST include this element in that header block. The RM Source MUST set the value of this element to the absolute URI (conformant with RFC3986) that uniquely identifies the Sequence. 883 /wsrm:Sequence/wsrm:Identifier/@{any} 884 885 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added to the element. 886 /wsrm:Sequence/wsrm:MessageNumber 887 888 889 890 The RM Source MUST include this element within any Sequence headers it creates. This element is of type MessageNumberType. It represents the ordinal position of the message within a Sequence. Sequence message numbers start at 1 and monotonically increase by 1 throughout the Sequence. See section 4.5 for Message Number Rollover fault. 891 /wsrm:Sequence/{any} 892 893 This is an extensibility mechanism to allow different (extensible) types of information, based on a schema, to be passed. 894 /wsrm:Sequence/@{any} 895 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added 896 to the element. wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 25 of 62 Slide 26: 897 The following example illustrates a Sequence header block. 898 899 900 901 902 <wsrm:Sequence> <wsrm:Identifier>http://example.com/abc</wsrm:Identifier> <wsrm:MessageNumber>10</wsrm:MessageNumber> </wsrm:Sequence> 3.8 Request Acknowledgement 903 The purpose of the AckRequested header block is to signal to the RM Destination that the RM Source is 904 requesting that a SequenceAcknowledgement be sent. 905 906 907 908 909 910 911 912 913 914 915 916 The RM Source MAY request an Acknowledgement Message from the RM Destination at any time by independently transmitting an AckRequested header block (i.e. as a header of a SOAP envelope with an empty body). Alternatively the RM Source MAY include an AckRequested header block in any message targeted to the RM Destination. The RM Destination SHOULD process AckRequested header blocks that are included in any message it receives. If a non-mustUnderstand fault occurs when processing an AckRequested header block that was piggy-backed, a fault MUST be generated, but the processing of the original message MUST NOT be affected. An RM Destination that Receives a message that contains an AckRequested header block MUST send a message containing a SequenceAcknowledgement header block to the AcksTo endpoint reference (see section 3.4) for a known Sequence or else generate an UnknownSequence fault. It is RECOMMENDED that the RM Destination return a AcknowledgementRange or None element instead of a Nack element (see section 3.9). 917 The following exemplar defines its syntax: 918 919 920 921 <wsrm:AckRequested ...> <wsrm:Identifier ...> xs:anyURI </wsrm:Identifier> ... </wsrm:AckRequested> 922 The following describes the content model of the AckRequested header block. 923 /wsrm:AckRequested 924 This element requests an Acknowledgement for the identified Sequence. 925 /wsrm:AckRequested/wsrm:Identifier 926 927 928 929 An RM Source that includes an AckRequested header block in a SOAP envelope MUST include this element in that header block. The RM Source MUST set the value of this element to the absolute URI, (conformant with RFC3986), that uniquely identifies the Sequence to which the request applies. 930 /wsrm:AckRequested/wsrm:Identifier/@{any} 931 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added 932 to the element. 933 /wsrm:AckRequested/{any} 934 This is an extensibility mechanism to allow different (extensible) types of information, based on a 935 schema, to be passed. 936 /wsrm:AckRequested/@{any} 937 938 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added to the element. wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 26 of 62 Slide 27: 939 3.9 Sequence Acknowledgement 940 The RM Destination informs the RM Source of successful message receipt using a 941 SequenceAcknowledgement header block. Acknowledgements can be explicitly requested using the 942 AckRequested directive (see section 3.8). 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 The RM Destination MAY Transmit the SequenceAcknowledgement header block independently (i.e. as a header of a SOAP envelope with an empty body). Alternatively, an RM Destination MAY include a SequenceAcknowledgement header block on any SOAP envelope targeted to the endpoint referenced by the AcksTo EPR. The RM Source SHOULD process SequenceAcknowledgement header blocks that are included in any message it receives. If a non-mustUnderstand fault occurs when processing a SequenceAcknowledgement header that was piggy-backed, a fault MUST be generated, but the processing of the original message MUST NOT be affected. During creation of a Sequence the RM Source MAY specify the WS-Addressing anonymous IRI as the address of the AcksTo EPR for that Sequence. When the RM Source specifies the WS-Addressing anonymous IRI as the address of the AcksTo EPR, the RM Destination MUST Transmit any SequenceAcknowledgement headers for the created Sequence in a SOAP envelope to be Transmitted on the protocol binding-specific back-channel. Such a channel is provided by the context of a Received message containing a SOAP envelope that contains a Sequence header block and/or an AckRequested header block for that same Sequence identifier. When the RM Destination receives an AckRequested header, and the AckTo EPR for that sequence is the WS-Addressing anonymous IRI, the RM Destination SHOULD respond on the protocol binding-specific back-channel provided by the Received message containing the AckRequested header block. 960 The following exemplar defines its syntax: 961 962 963 964 965 966 967 968 969 970 971 <wsrm:SequenceAcknowledgement ...> <wsrm:Identifier ...> xs:anyURI </wsrm:Identifier> [ [ [ <wsrm:AcknowledgementRange ... Upper="wsrm:MessageNumberType" Lower="wsrm:MessageNumberType"/> + \| <wsrm:None/> ] <wsrm:Final/> ? ] \| <wsrm:Nack> wsrm:MessageNumberType </wsrm:Nack> + ] ... </wsrm:SequenceAcknowledgement> 972 The following describes the content model of the SequenceAcknowledgement header block. 973 /wsrm:SequenceAcknowledgement 974 This element contains the Sequence Acknowledgement information. 975 /wsrm:SequenceAcknowledgement/wsrm:Identifier 976 977 978 979 980 An RM Destination that includes a SequenceAcknowledgement header block in a SOAP envelope MUST include this element in that header block. The RM Destination MUST set the value of this element to the absolute URI (conformant with RFC3986) that uniquely identifies the Sequence. The RM Destination MUST NOT include multiple SequenceAcknowledgement header blocks that share the same value for Identifier within the same SOAP envelope. 981 /wsrm:SequenceAcknowledgement/wsrm:Identifier/@{any} 982 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added 983 to the element. 984 /wsrm:SequenceAcknowledgement/wsrm:AcknowledgementRange wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 27 of 62 Slide 28: 985 986 987 988 989 The RM Destination MAY include one or more instances of this element within a SequenceAcknowledgement header block. It contains a range of Sequence message numbers successfully accepted by the RM Destination. The ranges MUST NOT overlap. The RM Destination MUST NOT include this element if a sibling Nack or None element is also present as a child of SequenceAcknowledgement. 990 /wsrm:SequenceAcknowledgement/wsrm:AcknowledgementRange/@Upper 991 The RM Destination MUST set the value of this attribute equal to the message number of the 992 highest contiguous message in a Sequence range accepted by the RM Destination. 993 /wsrm:SequenceAcknowledgement/wsrm:AcknowledgementRange/@Lower 994 The RM Destination MUST set the value of this attribute equal to the message number of the 995 lowest contiguous message in a Sequence range accepted by the RM Destination. 996 /wsrm:SequenceAcknowledgement/wsrm:AcknowledgementRange/@{any} 997 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added 998 to the element. 999 /wsrm:SequenceAcknowledgement/wsrm:None 1000 1001 1002 1003 The RM Destination MUST include this element within a SequenceAcknowledgement header block if the RM Destination has not accepted any messages for the specified Sequence. The RM Destination MUST NOT include this element if a sibling AcknowledgementRange or Nack element is also present as a child of the SequenceAcknowledgement. 1004 /wsrm:SequenceAcknowledgement/wsrm:Final 1005 1006 1007 1008 1009 1010 1011 The RM Destination MAY include this element within a SequenceAcknowledgement header block. This element indicates that the RM Destination is not receiving new messages for the specified Sequence. The RM Source can be assured that the ranges of messages acknowledged by this SequenceAcknowledgement header block will not change in the future. The RM Destination MUST include this element when the Sequence is closed. The RM Destination MUST NOT include this element when sending a Nack; it can only be used when sending AcknowledgementRange elements or a None. 1012 /wsrm:SequenceAcknowledgement/wsrm:Nack 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 The RM Destination MAY include this element within a SequenceAcknowledgement header block. If used, the RM Destination MUST set the value of this element to a MessageNumberType representing the MessageNumber of an unreceived message in a Sequence. The RM Destination MUST NOT include a Nack element if a sibling AcknowledgementRange or None element is also present as a child of SequenceAcknowledgement. Upon the receipt of a Nack, an RM Source SHOULD retransmit the message identified by the Nack. The RM Destination MUST NOT issue a SequenceAcknowledgement containing a Nack for a message that it has previously acknowledged within an AcknowledgementRange. The RM Source SHOULD ignore a SequenceAcknowledgement containing a Nack for a message that has previously been acknowledged within an AcknowledgementRange. 1023 /wsrm:SequenceAcknowledgement/{any} 1024 1025 This is an extensibility mechanism to allow different (extensible) types of information, based on a schema, to be passed. 1026 /wsrm:SequenceAcknowledgement/@{any} 1027 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added 1028 to the element. 1029 The following examples illustrate SequenceAcknowledgement elements: wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 28 of 62 Slide 29: 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047  Message numbers 1...10 inclusive in a Sequence have been accepted by the RM Destination. <wsrm:SequenceAcknowledgement> <wsrm:Identifier>http://example.com/abc</wsrm:Identifier> <wsrm:AcknowledgementRange Upper="10" Lower="1"/> </wsrm:SequenceAcknowledgement>  Message numbers 1..2, 4..6, and 8..10 inclusive in a Sequence have been accepted by the RM Destination, messages 3 and 7 have not been accepted. <wsrm:SequenceAcknowledgement> <wsrm:Identifier>http://example.com/abc</wsrm:Identifier> <wsrm:AcknowledgementRange Upper="2" Lower="1"/> <wsrm:AcknowledgementRange Upper="6" Lower="4"/> <wsrm:AcknowledgementRange Upper="10" Lower="8"/> </wsrm:SequenceAcknowledgement>  Message number 3 in a Sequence has not been accepted by the RM Destination. <wsrm:SequenceAcknowledgement> <wsrm:Identifier>http://example.com/abc</wsrm:Identifier> <wsrm:Nack>3</wsrm:Nack> </wsrm:SequenceAcknowledgement> wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 29 of 62 Slide 30: 1048 1049 1050 1051 1052 1053 1054 1055 4 Faults Faults for the CreateSequence message exchange are treated as defined in WS-Addressing. Create Sequence Refused is a possible fault reply for this operation. Unknown Sequence is a fault generated by Endpoints when messages carrying RM header blocks targeted at unrecognized or terminated Sequences are detected. WSRMRequired is a fault generated by an RM Destination that requires the use of WS-RM on a Received message that did not use the protocol. All other faults in this section relate to known Sequences. Destinations that generate faults related to known sequences SHOULD transmit those faults. If transmitted, such faults MUST be transmitted to the same [destination] as Acknowledgement messages. 1056 Entities that generate WS-ReliableMessaging faults MUST include as the [action] property the default fault 1057 action IRI defined below. The value from the W3C Recommendation is below for informational purposes: 1058 http://docs.oasis-open.org/ws-rx/wsrm/200702/fault 1059 The faults defined in this section are generated if the condition stated in the preamble is met. Fault 1060 handling rules are defined in section 6 of WS-Addressing SOAP Binding. 1061 The definitions of faults use the following properties: 1062 [Code] The fault code. 1063 [Subcode] The fault subcode. 1064 [Reason] The English language reason element. 1065 [Detail] The detail element(s). If absent, no detail element is defined for the fault. If more than one detail 1066 element is defined for a fault, implementations MUST include the elements in the order that they are 1067 specified. 1068 Entities that generate WS-ReliableMessaging faults MUST set the [Code] property to either "Sender" or 1069 "Receiver". These properties are serialized into text XML as follows: SOAP Version SOAP 1.1 SOAP 1.2 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 Sender S11:Client S:Sender Receiver S11:Server S:Receiver 1070 The properties above bind to a SOAP 1.2 fault as follows: <S:Envelope> <S:Header> <wsa:Action> http://docs.oasis-open.org/ws-rx/wsrm/200702/fault </wsa:Action> <!-- Headers elided for brevity. --> </S:Header> <S:Body> <S:Fault> <S:Code> <S:Value> [Code] </S:Value> <S:Subcode> <S:Value> [Subcode] </S:Value> </S:Subcode> </S:Code> <S:Reason> <S:Text xml:lang="en"> [Reason] </S:Text> </S:Reason> <S:Detail> [Detail] wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 30 of 62 Slide 31: 1091 1092 1093 1094 1095 ... </S:Detail> </S:Fault> </S:Body> </S:Envelope> 1096 The properties above bind to a SOAP 1.1 fault as follows when the fault is triggered by processing an RM 1097 header block: 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 <S11:Envelope> <S11:Header> <wsrm:SequenceFault> <wsrm:FaultCode> wsrm:FaultCodes </wsrm:FaultCode> <wsrm:Detail> [Detail] </wsrm:Detail> ... </wsrm:SequenceFault> <!-- Headers elided for brevity. --> </S11:Header> <S11:Body> <S11:Fault> <faultcode> [Code] </faultcode> <faultstring> [Reason] </faultstring> </S11:Fault> </S11:Body> </S11:Envelope> 1114 The properties bind to a SOAP 1.1 fault as follows when the fault is generated as a result of processing a 1115 CreateSequence request message: 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 <S11:Envelope> <S11:Body> <S11:Fault> <faultcode> [Subcode] </faultcode> <faultstring> [Reason] </faultstring> </S11:Fault> </S11:Body> </S11:Envelope> 4.1 SequenceFault Element The purpose of the SequenceFault element is to carry the specific details of a fault generated during the reliable messaging specific processing of a message belonging to a Sequence. WS-ReliableMessaging nodes MUST use the SequenceFault container only in conjunction with the SOAP 1.1 fault mechanism. WS-ReliableMessaging nodes MUST NOT use the SequenceFault container in conjunction with the SOAP 1.2 binding. 1130 The following exemplar defines its syntax: 1131 1132 1133 1134 1135 <wsrm:SequenceFault ...> <wsrm:FaultCode> wsrm:FaultCode </wsrm:FaultCode> <wsrm:Detail> ... </wsrm:Detail> ? ... </wsrm:SequenceFault> 1136 The following describes the content model of the SequenceFault element. 1137 /wsrm:SequenceFault 1138 This is the element containing Sequence fault information for WS-ReliableMessaging 1139 /wsrm:SequenceFault/wsrm:FaultCode wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 31 of 62 Slide 32: 1140 1141 WS-ReliableMessaging nodes that generate a SequenceFault MUST set the value of this element to a qualified name from the set of faults [Subcodes] defined below. 1142 /wsrm:SequenceFault/wsrm:Detail 1143 This element, if present, carries application specific error information related to the fault being 1144 described. 1145 /wsrm:SequenceFault/wsrm:Detail/{any} 1146 The application specific error information related to the fault being described. 1147 /wsrm:SequenceFault/wsrm:Detail/@{any} 1148 The application specific error information related to the fault being described. 1149 /wsrm:SequenceFault/{any} 1150 This is an extensibility mechanism to allow different (extensible) types of information, based on a 1151 schema, to be passed. 1152 /wsrm:SequenceFault/@{any} 1153 This is an extensibility mechanism to allow additional attributes, based on schemas, to be added 1154 to the element. 1155 4.2 Sequence Terminated 1156 The Endpoint that generates this fault SHOULD make every reasonable effort to notify the corresponding 1157 Endpoint of this decision. 1158 Properties: 1159 [Code] Sender or Receiver 1160 [Subcode] wsrm:SequenceTerminated 1161 [Reason] The Sequence has been terminated due to an unrecoverable error. 1162 [Detail] 1163 <wsrm:Identifier ...> xs:anyURI </wsrm:Identifier> Generated by RM Source or RM Destination. Condition Encountering an unrecoverable condition or detection of violation of the protocol. Action Upon Generation Sequence termination. Action Upon Receipt MUST terminate the Sequence if not otherwise terminated. 1164 4.3 Unknown Sequence 1165 Properties: 1166 [Code] Sender 1167 [Subcode] wsrm:UnknownSequence wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 32 of 62 Slide 33: 1168 [Reason] The value of wsrm:Identifier is not a known Sequence identifier. 1169 [Detail] 1170 <wsrm:Identifier ...> xs:anyURI </wsrm:Identifier> Generated by RM Source or RM Destination. Condition In response to a message containing an unknown or terminated Sequence identifier. Action Upon Generation None. Action Upon Receipt MUST terminate the Sequence if not otherwise terminated. 1171 4.4 Invalid Acknowledgement 1172 An example of when this fault is generated is when a message is Received by the RM Source containing 1173 a SequenceAcknowledgement covering messages that have not been sent. 1174 [Code] Sender 1175 [Subcode] wsrm:InvalidAcknowledgement 1176 [Reason] The SequenceAcknowledgement violates the cumulative Acknowledgement invariant. 1177 [Detail] 1178 <wsrm:SequenceAcknowledgement ...> ... </wsrm:SequenceAcknowledgement> Generated by RM Source. Condition Action Upon Generation Action Upon Receipt Unspecified. In response to a Unspecified. SequenceAcknowledg ement that violate the invariants stated in 2.3 or any of the requirements in 3.9 about valid combinations of AckRange, Nack and None in a single SequenceAcknowledg ement element or with respect to already Received such elements. 1179 4.5 Message Number Rollover 1180 If the condition listed below is reached, the RM Destination MUST generate this fault. 1181 Properties: 1182 [Code] Sender 1183 [Subcode] wsrm:MessageNumberRollover wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 33 of 62 Slide 34: 1184 [Reason] The maximum value for wsrm:MessageNumber has been exceeded. 1185 [Detail] 1186 1187 <wsrm:Identifier ...> xs:anyURI </wsrm:Identifier> <wsrm:MaxMessageNumber> wsrm:MessageNumberType </wsrm:MaxMessageNumber> Generated by RM Destination. Condition Message number in /wsrm:Sequence/wsr m:MessageNumber of a Received message exceeds the internal limitations of an RM Destination or reaches the maximum value of 9,223,372,036,854,775,8 07. Action Upon Generation RM Destination SHOULD continue to accept undelivered messages until the Sequence is closed or terminated. Action Upon Receipt RM Source SHOULD continue to retransmit undelivered messages until the Sequence is closed or terminated. 1188 4.6 Create Sequence Refused 1189 Properties: 1190 [Code] Sender or Receiver 1191 [Subcode] wsrm:CreateSequenceRefused 1192 [Reason] The Create Sequence request has been refused by the RM Destination. 1193 [Detail] 1194 xs:any Generated by RM Destination. Condition In response to a CreateSequence message when the RM Destination does not wish to create a new Sequence. Action Upon Generation Unspecified. Action Upon Receipt Sequence terminated. 1195 4.7 Sequence Closed 1196 This fault is generated by an RM Destination to indicate that the specified Sequence has been closed. 1197 This fault MUST be generated when an RM Destination is asked to accept a message for a Sequence that 1198 is closed. 1199 Properties: 1200 [Code] Sender 1201 [Subcode] wsrm:SequenceClosed wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 34 of 62 Slide 35: 1202 [Reason] The Sequence is closed and cannot accept new messages. 1203 [Detail] 1204 <wsrm:Identifier...> xs:anyURI </wsrm:Identifier> Generated by RM Destination. Condition Action Upon Generation Action Upon Receipt Sequence closed. In response to a Unspecified. message that belongs to a Sequence that is already closed. 1205 4.8 WSRM Required 1206 If an RM Destination requires the use of WS-RM, this fault is generated when it Receives an incoming 1207 message that did not use this protocol. 1208 Properties: 1209 [Code] Sender 1210 [Subcode] wsrm:WSRMRequired 1211 [Reason] The RM Destination requires the use of WSRM. 1212 [Detail] 1213 xs:any wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 35 of 62 Slide 36: 1214 5 Security Threats and Countermeasures This specification makes no assumptions about the security requirements of the applications that use WSRM. However, once those requirements have been satisfied within a given operational context, the addition of WS-RM to this operational context should not undermine the fulfillment of those requirements; the use of WS-RM should not create additional attack vectors within an otherwise secure system. There are many other security concerns that one may need to consider when implementing or using this protocol. The material below should not be considered as a "check list". Implementers and users of this protocol are urged to perform a security analysis to determine their particular threat profile and the appropriate responses to those threats. Implementers are also advised that there is a core tension between security and reliable messaging that can be problematic if not addressed by implementations; one aspect of security is to prevent message replay but one of the invariants of this protocol is to resend messages until they are acknowledged. Consequently, if the security sub-system processes a message but a failure occurs before the reliable messaging sub-system Receives that message, then it is possible (and likely) that the security sub-system will treat subsequent copies as replays and discard them. At the same time, the reliable messaging subsystem will likely continue to expect and even solicit the missing message(s). Care should be taken to avoid and prevent this condition. 1215 This specification considers two sets of security requirements, those of the applications that use the WS1216 RM protocol and those of the protocol itself. 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 5.1 Threats and Countermeasures The primary security requirement of this protocol is to protect the specified semantics and protocol invariants against various threats. The following sections describe several threats to the integrity and operation of this protocol and provide some general outlines of countermeasures to those threats. Implementers and users of this protocol should keep in mind that all threats are not necessarily applicable to all operational contexts. 5.1.1 Integrity Threats In general, any mechanism which allows an attacker to alter the information in a Sequence Traffic Message, Sequence Lifecycle Message, Acknowledgement Messages, Acknowledgement Request, or Sequence-related fault, or which allows an attacker to alter the correlation of a RM Protocol Header Block to its intended message represents a threat to the WS-RM protocol. For example, if an attacker is able to swap Sequence headers on messages in transit between the RM Source and RM Destination then they have undermined the implementation's ability to guarantee the first invariant described in section 2.3. The result is that there is no way of guaranteeing that messages will be Delivered to the Application Destination in the same order that they were sent by the Application Source. 1248 5.1.1.1 Countermeasures 1249 1250 1251 1252 1253 Integrity threats are generally countered via the use of digital signatures some level of the communication protocol stack. Note that, in order to counter header swapping attacks, the signature SHOULD include both the SOAP body and any relevant SOAP headers (e.g. Sequence header). Because some headers (AckRequested, SequenceAcknowledgement) are independent of the body of the SOAP message in which they occur, implementations MUST allow for signatures that cover only these headers. wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 36 of 62 Slide 37: 1254 1255 1256 1257 1258 1259 1260 1261 5.1.2 Resource Consumption Threats The creation of a Sequence with an RM Destination consumes various resources on the systems used to implement that RM Destination. These resources can include network connections, database tables, message queues, etc. This behavior can be exploited to conduct denial of service attacks against an RM Destination. For example, a simple attack is to repeatedly send CreateSequence messages to an RM Destination. Another attack is to create a Sequence for a service that is known to require in-order message Delivery and use this Sequence to send a stream of very large messages to that service, making sure to omit message number “1” from that stream. 1262 5.1.2.1 Countermeasures 1263 1264 1265 1266 There are a number of countermeasures against the described resource consumption threats. The technique advocated by this specification is for the RM Destination to restrict the ability to create a Sequence to a specific set of entities/principals. This reduces the number of potential attackers and, in some cases, allows the identity of any attackers to be determined. 1267 The ability to restrict Sequence creation depends, in turn, upon the RM Destination's ability to identify and 1268 authenticate the RM Source that issued the CreateSequence message. 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 5.1.3 Sequence Spoofing Threats Sequence spoofing is a class of threats in which the attacker uses knowledge of the Identifier for a particular Sequence to forge Sequence Lifecycle or Traffic Messages. For example the attacker creates a fake TerminateSequence message that references the target Sequence and sends this message to the appropriate RM Destination. Some sequence spoofing attacks also require up-to-date knowledge of the current MessageNumber for their target Sequence. In general any Sequence Lifecycle Message, RM Protocol Header Block, or sequence-correlated SOAP fault (e.g. InvalidAcknowledgement) can be used by someone with knowledge of the Sequence identifier to attack the Sequence. These attacks are “two-way” in that an attacker may choose to target the RM Source by, for example, inserting a fake SequenceAcknowledgement header into a message that it sends to the AcksTo EPR of an RM Source. 1280 5.1.3.1 Sequence Hijacking 1281 Sequence hijacking is a specific case of a sequence spoofing attack. The attacker attempts to inject 1282 Sequence Traffic Messages into an existing Sequence by inserting fake Sequence headers into those 1283 messages. 1284 1285 1286 1287 1288 1289 1290 Note that “sequence hijacking” should not be equated with “security session hijacking”. Although a Sequence may be bound to some form of a security session in order to counter the threats described in this section, applications MUST NOT rely on WS-RM-related information to make determinations about the identity of the entity that created a message; applications SHOULD rely only upon information that is established by the security infrastructure to make such determinations. Failure to observe this rule creates, among other problems, a situation in which the absence of WS-RM may deprive an application of the ability to authenticate its peers even though the necessary security processing has taken place. 1291 5.1.3.2 Countermeasures 1292 1293 1294 1295 1296 There are a number of countermeasures against sequence spoofing threats. The technique advocated by this specification is to consider the Sequence to be a shared resource that is jointly owned by the RM Source that initiated its creation (i.e. that sent the CreateSequence message) and the RM Destination that serves as its terminus (i.e. that sent the CreateSequenceResponse message). To counter sequence spoofing attempts the RM Destination SHOULD ensure that every message or fault that it Receives that wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 37 of 62 Slide 38: 1297 refers to a particular Sequence originated from the RM Source that jointly owns the referenced Sequence. 1298 For its part the RM Source SHOULD ensure that every message or fault that it Receives that refers to a 1299 particular Sequence originated from the RM Destination that jointly owns the referenced Sequence. 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 For the RM Destination to be able to identify its sequence peer it MUST be able to identify and authenticate the entity that sent the CreateSequence message. Similarly for the RM Source to identify its sequence peer it MUST be able to identify and authenticate the entity that sent the CreateSequenceResponse message. For either the RM Destination or the RM Source to determine if a message was sent by its sequence peer it MUST be able to identify and authenticate the initiator of that message and, if necessary, correlate this identity with the sequence peer identity established at sequence creation time. 5.2 Security Solutions and Technologies The security threats described in the previous sections are neither new nor unique. The solutions that have been developed to secure other SOAP-based protocols can be used to secure WS-RM as well. This section maps the facilities provided by common web services security solutions against countermeasures described in the previous sections. Before continuing this discussion, however, some examination of the underlying requirements of the previously described countermeasures is necessary. Specifically it should be noted that the technique described in section 5.1.2.1 has two components. Firstly, the RM Destination identifies and authenticates the issuer of a CreateSequence message. Secondly, the RM Destination performs an authorization check against this authenticated identity and determines if the RM Source is permitted to create Sequences with the RM Destination. Since the facilities for performing this authorization check (runtime infrastructure, policy frameworks, etc.) lie completely within the domain of individual implementations, any discussion of such facilities is considered to be beyond the scope of this specification. 5.2.1 Transport Layer Security 1321 This section describes how the facilities provided by SSL/TLS [RFC 4346] can be used to implement the 1322 countermeasures described in the previous sections. The use of SSL/TLS is subject to the constraints 1323 defined in section 4 of the Basic Security Profile 1.0 [BSP 1.0]. 1324 1325 1326 1327 1328 The description provided here is general in nature and is not intended to serve as a complete definition on the use of SSL/TLS to protect WS-RM. In order to interoperate implementations need to agree on the choice of features as well as the manner in which they will be used. The mechanisms described in the Web Services Security Policy Language [SecurityPolicy] MAY be used by services to describe the requirements and constraints of the use of SSL/TLS. 1329 5.2.1.1 Model 1330 The basic model for using SSL/TLS is as follows: 1331 1332 1333 1334 1335 1336 1337 1338 1. The RM Source establishes an SSL/TLS session with the RM Destination. 2. The RM Source uses this SSL/TLS session to send a CreateSequence message to the RM Destination. 3. The RM Destination establishes an SSL/TLS session with the RM Source and sends an asynchronous CreateSequenceResponse using this session. Alternately it may respond with a synchronous CreateSequenceResponse using the session established in (1). 4. For the lifetime of the Sequence the RM Source uses the SSL/TLS session from (1) to Transmit any and all messages or faults that refer to that Sequence. wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 38 of 62 Slide 39: 1339 1340 1341 5. For the lifetime of the Sequence the RM Destination either uses the SSL/TLS session established in (3) to Transmit any and all messages or faults that refer to that Sequence or, for synchronous exchanges, the RM Destination uses the SSL/TLS session established in (1). 1342 5.2.1.2 Countermeasure Implementation 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 Used in its simplest fashion (without relying upon any authentication mechanisms), SSL/TLS provides the necessary integrity qualities to counter the threats described in section 5.1.1. Note, however, that the nature of SSL/TLS limits the scope of this integrity protection to a single transport level session. If SSL/TLS is the only mechanism used to provide integrity, any intermediaries between the RM Source and the RM Destination MUST be trusted to preserve the integrity of the messages that flow through them. As noted, the technique described in sections 5.1.2.1 involves the use of authentication. This specification advocates either of two mechanisms for authenticating entities using SSL/TLS. In both of these methods the SSL/TLS server (the party accepting the SSL/TLS connection) authenticates itself to the SSL/TLS client using an X.509 certificate that is exchanged during the SSL/TLS handshake.  HTTP Basic Authentication: This method of authentication presupposes that a SOAP/HTTP binding is being used as part of the protocol stack beneath WS-RM. Subsequent to the establishment of the SSL/TLS session, the sending party authenticates itself to the receiving party using HTTP Basic Authentication [RFC 2617]. For example, a RM Source might authenticate itself to a RM Destination (e.g. when transmitting a Sequence Traffic Message) using BasicAuth. Similarly the RM Destination might authenticate itself to the RM Source (e.g. when sending an Acknowledgement) using BasicAuth. SSL/TLS Client Authentication: In this method of authentication, the party initiating the connection authenticates itself to the party accepting the connection using an X.509 certificate that is exchanged during the SSL/TLS handshake.  1362 To implement the countermeasures described in section 5.1.2.1 the RM Source must authenticate itself 1363 using one the above mechanisms. The authenticated identity can then be used to determine if the RM 1364 Source is authorized to create a Sequence with the RM Destination. 1365 1366 1367 1368 1369 1370 1371 1372 1373 This specification advocates implementing the countermeasures described in section 5.1.3.2 by requiring an RM node's Sequence peer to be equivalent to their SSL/TLS session peer. This allows the authorization decisions described in section 5.1.3.2 to be based on SSL/TLS session identity rather than on authentication information. For example, an RM Destination can determine that a Sequence Traffic Message rightfully belongs to its referenced Sequence if that message arrived over the same SSL/TLS session that was used to carry the CreateSequence message for that Sequence. Note that requiring a one-to-one relationship between SSL/TLS session peer and Sequence peer constrains the lifetime of a SSL/TLS-protected Sequence to be less than or equal to the lifetime of the SSL/TLS session that is used to protect that Sequence. 1374 This specification does not preclude the use of other methods of using SSL/TLS to implement the 1375 countermeasures (such as associating specific authentication information with a Sequence) although such 1376 methods are not covered by this document. 1377 Issues specific to the life-cycle management of SSL/TLS sessions (such as the resumption of a SSL/TLS 1378 session) are outside the scope of this specification. 1379 1380 1381 1382 1383 1384 5.2.2 SOAP Message Security The mechanisms described in WS-Security may be used in various ways to implement the countermeasures described in the previous sections. This specification advocates using the protocol described by WS-SecureConversation [SecureConversation] (optionally in conjunction with WS-Trust [Trust]) as a mechanism for protecting Sequences. The use of WS-Security (as an underlying component of WS-SecureConversation) is subject to the constraints defined in the Basic Security Profile 1.0. wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 39 of 62 Slide 40: 1385 1386 1387 1388 1389 The description provided here is general in nature and is not intended to serve as a complete definition on the use of WS-SecureConversation/WS-Trust to protect WS-RM. In order to interoperate implementations need to agree on the choice of features as well as the manner in which they will be used. The mechanisms described in the Web Services Security Policy Language MAY be used by services to describe the requirements and constraints of the use of WS-SecureConversation. 1390 5.2.2.1 Model 1391 The basic model for using WS-SecureConversation is as follows: 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1 The RM Source and the RM Destination create a WS-SecureConversation security context. This may involve the participation of third parties such as a security token service. The tokens exchanged may contain authentication claims (e.g. X.509 certificates or Kerberos service tickets). During the CreateSequence exchange, the RM Source SHOULD explicitly identify the security context that will be used to protect the Sequence. This is done so that, in cases where the CreateSequence message is signed by more than one security context, the RM Source can indicate which security context should be used to protect the newly created Sequence. For the lifetime of the Sequence the RM Source and the RM Destination use the session key(s) associated with the security context to sign (as defined by WS-Security) at least the body and any relevant WS-RM-defined headers of any and all messages or faults that refer to that Sequence. 2 3 1404 5.2.2.2 Countermeasure Implementation 1405 Without relying upon any authentication information, the per-message signatures provide the necessary 1406 integrity qualities to counter the threats described in section 5.1.1. 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 To implement the countermeasures described in section 5.1.2.1 some mutually agreed upon form of authentication claims must be provided by the RM Source to the RM Destination during the establishment of the Security Context. These claims can then be used to determine if the RM Source is authorized to create a Sequence with the RM Destination. This specification advocates implementing the countermeasures described in section 5.1.3.2 by requiring an RM node's Sequence peer to be equivalent to their security context session peer. This allows the authorization decisions described in section 5.1.3.2 to be based on the identity of the message's security context rather than on any authentication claims that may have been established during security context initiation. Note that other methods of using WS-SecureConversation to implement the countermeasures (such as associating specific authentication claims to a Sequence) are possible but not covered by this document. As with transport security, the requisite equivalence of a security context peer with a Sequence peer limits the lifetime of a Sequence to the lifetime of the protecting security context. Unlike transport security, the association between a Sequence and its protecting security context cannot always be established implicitly at Sequence creation time. This is due to the fact that the CreateSequence and CreateSequenceResponse messages may be signed by more than one security context. 1423 Issues specific to the life-cycle management of WS-SecureConversation security contexts (such as 1424 amending or renewing contexts) are outside the scope of this specification. wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 40 of 62 Slide 41: 1425 6 Securing Sequences 1426 As noted in section 5, the RM Source and RM Destination should be able to protect their shared 1427 Sequences against the threat of Sequence Spoofing attacks. There are a number of OPTIONAL means of 1428 achieving this objective depending upon the underlying security infrastructure. 1429 1430 1431 1432 1433 1434 1435 1436 1437 6.1 Securing Sequences Using WS-Security One mechanism for protecting a Sequence is to include a security token using a wsse:SecurityTokenReference element from WS-Security (see section 9 in WSSecureConversation) in the CreateSequence element. This establishes an association between the created (and, if present, offered) Sequence(s) and the referenced security token, such that the RM Source and Destination MUST use the security token as the basis for authorization of all subsequent interactions related to the Sequence(s). The wsse:SecurityTokenReference explicitly identifies the token as there may be more than one token on a CreateSequence message or inferred from the communication context (e.g. transport protection). 1438 It is RECOMMENDED that a message independent referencing mechanism be used to identify the token, 1439 if the token being referenced supports such mechanism. 1440 The following exemplar defines the CreateSequence syntax when extended to include a 1441 wsse:SecurityTokenReference: 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 <wsrm:CreateSequence ...> <wsrm:AcksTo> wsa:EndpointReferenceType </wsrm:AcksTo> <wsrm:Expires ...> xs:duration </wsrm:Expires> ? <wsrm:Offer ...> <wsrm:Identifier ...> xs:anyURI </wsrm:Identifier> <wsrm:Endpoint> wsa:EndpointReferenceType </wsrm:Endpoint> <wsrm:Expires ...> xs:duration </wsrm:Expires> ? <wsrm:IncompleteSequenceBehavior> wsrm:IncompleteSequenceBehaviorType </wsrm:IncompleteSequenceBehavior> ? ... </wsrm:Offer> ? ... <wsse:SecurityTokenReference> ... </wsse:SecurityTokenReference> ? ... </wsrm:CreateSequence> 1460 The following describes the content model of the additional CreateSequence elements. 1461 /wsrm:CreateSequence/wsse:SecurityTokenReference 1462 1463 1464 1465 1466 1467 1468 This element uses the extensibility mechanism defined for the CreateSequence element (defined in section 3.4) to communicate an explicit reference to the security token, using a wsse:SecurityTokenReference as documented in WS-Security, that the RM Source and Destination MUST use to authorize messages for the created (and, if present, the offered) Sequence(s). All subsequent messages related to the created (and, if present, the offered) Sequence(s) MUST demonstrate proof-of-possession of the secret associated with the token (e.g., by using or deriving from a private or secret key). 1469 When a RM Source transmits a CreateSequence that has been extended to include a 1470 wsse:SecurityTokenReference it SHOULD ensure that the RM Destination both understands and wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 41 of 62 Slide 42: 1471 1472 1473 1474 1475 1476 1477 will conform to the requirements listed above. In order to achieve this, the RM Source SHOULD include the UsesSequenceSTR element as a SOAP header block within the CreateSequence message. This element MUST include a soap:mustUnderstand attribute with a value of „true‟. Thus the RM Source can be assured that a RM Destination that responds with a CreateSequenceResponse understands and conforms with the requirements listed above. Note that an RM Destination understanding this header does not mean that it has processed and understood any WS-Security headers, the fault behavior defined in WS-Security still applies. 1478 The following exemplar defines the UsesSequenceSTR syntax: 1479 <wsrm:UsesSequenceSTR ... /> 1480 The following describes the content model of the UsesSequenceSTR header block. 1481 /wsrm:UsesSequenceSTR 1482 1483 1484 1485 1486 This element SHOULD be included as a SOAP header block in CreateSequence messages that use the extensibility mechanism described above in this section. The soap:mustUnderstand attribute value MUST be „true‟. The receiving RM Destination MUST understand and correctly implement the extension described above or else generate a soap:MustUnderstand fault, thus aborting the requested Sequence creation. 1487 The following is an example of a CreateSequence message using the 1488 wsse:SecurityTokenReference extension and the UsesSequenceSTR header block: 1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 <soap:Envelope ...> <soap:Header> ... <wsrm:UsesSequenceSTR soap:mustUnderstand=’true’/> ... </soap:Header> <soap:Body> <wsrm:CreateSequence> <wsrm:AcksTo> <wsa:Address>http://Business456.com/serviceA/789</wsa:Address> </wsrm:AcksTo> <wsse:SecurityTokenReference> ... </wsse:SecurityTokenReference> </wsrm:CreateSequence> </soap:Body> </soap:Envelope> 6.2 Securing Sequences Using SSL/TLS One mechanism for protecting a Sequence is to bind the Sequence to the underlying SSL/TLS session(s). The RM Source indicates to the RM Destination that a Sequence is to be bound to the underlying SSL/TLS session(s) via the UsesSequenceSSL header block. If the RM Source wishes to bind a Sequence to the underlying SSL/TLS sessions(s) it MUST include the UsesSequenceSSL element as a SOAP header block within the CreateSequence message. 1512 The following exemplar defines the UsesSequenceSSL syntax: 1513 <wsrm:UsesSequenceSSL soap:mustUnderstand=”true” ... /> 1514 The following describes the content model of the UsesSequenceSSL header block. 1515 /wsrm:UsesSequenceSSL 1516 1517 The RM Source MAY include this element as a SOAP header block of a CreateSequence message to indicate to the RM Destination that the resulting Sequence is to be bound to the wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 42 of 62 Slide 43: 1518 1519 1520 1521 1522 1523 1524 1525 1526 SSL/TLS session that was used to carry the CreateSequence message. If included, the RM Source MUST mark this header with a soap:mustUnderstand attribute with a value of „true‟. The receiving RM Destination MUST understand and correctly implement the functionality described in section 5.2.1 or else generate a soap:MustUnderstand fault, thus aborting the requested Sequence creation. Note that the inclusion of the above header by the RM Source implies that all Sequence-related information (Sequence Lifecycle or Acknowledgment messages or Sequence-related faults) flowing from the RM Destination to the RM Source will be bound to the SSL/TLS session that is used to carry the CreateSequenceResponse message. wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 43 of 62 Slide 44: 1527 Appendix A. Schema http://docs.oasis-open.org/ws-rx/wsrm/200702/wsrm-1.1-schema-200702.xsd 1528 The normative schema that is defined for WS-ReliableMessaging using [XML-Schema Part1] and [XML1529 Schema Part2] is located at: 1530 1531 The following copy is provided for reference. 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 <?xml version="1.0" encoding="UTF-8"?> <!-- Copyright(C) OASIS(R) 1993-2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. --> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsrm="http://docs.oasisopen.org/ws-rx/wsrm/200702" targetNamespace="http://docs.oasis-open.org/wsrx/wsrm/200702" elementFormDefault="qualified" attributeFormDefault="unqualified"> <xs:import namespace="http://www.w3.org/2005/08/addressing" schemaLocation="http://www.w3.org/2006/03/addressing/ws-addr.xsd"/> <!-- Protocol Elements --> <xs:complexType name="SequenceType"> <xs:sequence> <xs:element ref="wsrm:Identifier"/> <xs:element name="MessageNumber" type="wsrm:MessageNumberType"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:complexType> <xs:element name="Sequence" type="wsrm:SequenceType"/> <xs:element name="SequenceAcknowledgement"> <xs:complexType> <xs:sequence> <xs:element ref="wsrm:Identifier"/> <xs:choice> <xs:sequence> <xs:choice> <xs:element name="AcknowledgementRange" maxOccurs="unbounded"> <xs:complexType> <xs:sequence/> <xs:attribute name="Upper" type="xs:unsignedLong" use="required"/> <xs:attribute name="Lower" type="xs:unsignedLong" use="required"/> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:complexType> </xs:element> <xs:element name="None"> <xs:complexType> <xs:sequence/> </xs:complexType> </xs:element> </xs:choice> <xs:element name="Final" minOccurs="0"> <xs:complexType> <xs:sequence/> </xs:complexType> </xs:element> </xs:sequence> <xs:element name="Nack" type="xs:unsignedLong" wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 44 of 62 Slide 45: 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 1645 1646 maxOccurs="unbounded"/> </xs:choice> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:complexType> </xs:element> <xs:complexType name="AckRequestedType"> <xs:sequence> <xs:element ref="wsrm:Identifier"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:complexType> <xs:element name="AckRequested" type="wsrm:AckRequestedType"/> <xs:element name="Identifier"> <xs:complexType> <xs:annotation> <xs:documentation> This type is for elements whose [children] is an anyURI and can have arbitrary attributes. </xs:documentation> </xs:annotation> <xs:simpleContent> <xs:extension base="xs:anyURI"> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:extension> </xs:simpleContent> </xs:complexType> </xs:element> <xs:element name="Address"> <xs:complexType> <xs:simpleContent> <xs:extension base="xs:anyURI"> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:extension> </xs:simpleContent> </xs:complexType> </xs:element> <xs:simpleType name="MessageNumberType"> <xs:restriction base="xs:unsignedLong"> <xs:minInclusive value="1"/> <xs:maxInclusive value="9223372036854775807"/> </xs:restriction> </xs:simpleType> <!-- Fault Container and Codes --> <xs:simpleType name="FaultCodes"> <xs:restriction base="xs:QName"> <xs:enumeration value="wsrm:SequenceTerminated"/> <xs:enumeration value="wsrm:UnknownSequence"/> <xs:enumeration value="wsrm:InvalidAcknowledgement"/> <xs:enumeration value="wsrm:MessageNumberRollover"/> <xs:enumeration value="wsrm:CreateSequenceRefused"/> <xs:enumeration value="wsrm:SequenceClosed"/> <xs:enumeration value="wsrm:WSRMRequired"/> </xs:restriction> </xs:simpleType> <xs:complexType name="SequenceFaultType"> <xs:sequence> <xs:element name="FaultCode" type="wsrm:FaultCodes"/> <xs:element name="Detail" type="wsrm:DetailType" minOccurs="0"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 45 of 62 Slide 46: 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 maxOccurs="unbounded"/> </xs:sequence> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:complexType> <xs:complexType name="DetailType"> <xs:sequence> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:complexType> <xs:element name="SequenceFault" type="wsrm:SequenceFaultType"/> <xs:element name="CreateSequence" type="wsrm:CreateSequenceType"/> <xs:element name="CreateSequenceResponse" type="wsrm:CreateSequenceResponseType"/> <xs:element name="CloseSequence" type="wsrm:CloseSequenceType"/> <xs:element name="CloseSequenceResponse" type="wsrm:CloseSequenceResponseType"/> <xs:element name="TerminateSequence" type="wsrm:TerminateSequenceType"/> <xs:element name="TerminateSequenceResponse" type="wsrm:TerminateSequenceResponseType"/> <xs:complexType name="CreateSequenceType"> <xs:sequence> <xs:element ref="wsrm:AcksTo"/> <xs:element ref="wsrm:Expires" minOccurs="0"/> <xs:element name="Offer" type="wsrm:OfferType" minOccurs="0"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"> <xs:annotation> <xs:documentation> It is the authors intent that this extensibility be used to transfer a Security Token Reference as defined in WS-Security. </xs:documentation> </xs:annotation> </xs:any> </xs:sequence> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:complexType> <xs:complexType name="CreateSequenceResponseType"> <xs:sequence> <xs:element ref="wsrm:Identifier"/> <xs:element ref="wsrm:Expires" minOccurs="0"/> <xs:element name="IncompleteSequenceBehavior" type="wsrm:IncompleteSequenceBehaviorType" minOccurs="0"/> <xs:element name="Accept" type="wsrm:AcceptType" minOccurs="0"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:complexType> <xs:complexType name="CloseSequenceType"> <xs:sequence> <xs:element ref="wsrm:Identifier"/> <xs:element name="LastMsgNumber" type="wsrm:MessageNumberType" minOccurs="0"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:complexType> <xs:complexType name="CloseSequenceResponseType"> <xs:sequence> <xs:element ref="wsrm:Identifier"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 46 of 62 Slide 47: 1711 1712 1713 1714 1715 1716 1717 1718 1719 1720 1721 1722 1723 1724 1725 1726 1727 1728 1729 1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 1740 1741 1742 1743 1744 1745 1746 1747 1748 1749 1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766 1767 1768 1769 1770 1771 1772 1773 1774 maxOccurs="unbounded"/> </xs:sequence> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:complexType> <xs:complexType name="TerminateSequenceType"> <xs:sequence> <xs:element ref="wsrm:Identifier"/> <xs:element name="LastMsgNumber" type="wsrm:MessageNumberType" minOccurs="0"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:complexType> <xs:complexType name="TerminateSequenceResponseType"> <xs:sequence> <xs:element ref="wsrm:Identifier"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:complexType> <xs:element name="AcksTo" type="wsa:EndpointReferenceType"/> <xs:complexType name="OfferType"> <xs:sequence> <xs:element ref="wsrm:Identifier"/> <xs:element name="Endpoint" type="wsa:EndpointReferenceType"/> <xs:element ref="wsrm:Expires" minOccurs="0"/> <xs:element name="IncompleteSequenceBehavior" type="wsrm:IncompleteSequenceBehaviorType" minOccurs="0"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:complexType> <xs:complexType name="AcceptType"> <xs:sequence> <xs:element ref="wsrm:AcksTo"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:complexType> <xs:element name="Expires"> <xs:complexType> <xs:simpleContent> <xs:extension base="xs:duration"> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:extension> </xs:simpleContent> </xs:complexType> </xs:element> <xs:simpleType name="IncompleteSequenceBehaviorType"> <xs:restriction base="xs:string"> <xs:enumeration value="DiscardEntireSequence"/> <xs:enumeration value="DiscardFollowingFirstGap"/> <xs:enumeration value="NoDiscard"/> </xs:restriction> </xs:simpleType> <xs:element name="UsesSequenceSTR"> <xs:complexType> <xs:sequence/> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:complexType> wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 47 of 62 Slide 48: 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 </xs:element> <xs:element name="UsesSequenceSSL"> <xs:complexType> <xs:sequence/> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:complexType> </xs:element> <xs:element name="UnsupportedElement"> <xs:simpleType> <xs:restriction base="xs:QName"/> </xs:simpleType> </xs:element> </xs:schema> wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 48 of 62 Slide 49: 1788 Appendix B. WSDL 1789 This WSDL describes the WS-RM protocol from the point of view of an RM Destination. In the case where 1790 an endpoint acts both as an RM Destination and an RM Source, note that additional messages may be 1791 present in exchanges with that endpoint. 1792 Also note that this WSDL is intended to describe the internal structure of the WS-RM protocol, and will not 1793 generally appear in a description of a WS-RM-capable Web service. See WS-RM Policy [WS-RM Policy] 1794 for a higher-level mechanism to indicate that WS-RM is engaged. 1795 The normative WSDL 1.1 definition for WS-ReliableMessaging is located at: 1796 http://docs.oasis-open.org/ws-rx/wsrm/200702/wsrm-1.1-wsdl-200702.wsdl 1797 The following non-normative copy is provided for reference. 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 <?xml version="1.0" encoding="utf-8"?> <!-- Copyright(C) OASIS(R) 1993-2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. --> <wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsam="http://www.w3.org/2007/02/addressing/metadata" xmlns:rm="http://docs.oasis-open.org/ws-rx/wsrm/200702" xmlns:tns="http://docs.oasis-open.org/ws-rx/wsrm/200702/wsdl" targetNamespace="http://docs.oasis-open.org/ws-rx/wsrm/200702/wsdl"> <wsdl:types> <xs:schema> <xs:import namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" schemaLocation="http://docs.oasis-open.org/ws-rx/wsrm/200702/wsrm-1.1-schema200702.xsd"/> </xs:schema> </wsdl:types> <wsdl:message name="CreateSequence"> <wsdl:part name="create" element="rm:CreateSequence"/> </wsdl:message> <wsdl:message name="CreateSequenceResponse"> <wsdl:part name="createResponse" element="rm:CreateSequenceResponse"/> </wsdl:message> <wsdl:message name="CloseSequence"> <wsdl:part name="close" element="rm:CloseSequence"/> </wsdl:message> <wsdl:message name="CloseSequenceResponse"> <wsdl:part name="closeResponse" element="rm:CloseSequenceResponse"/> </wsdl:message> <wsdl:message name="TerminateSequence"> <wsdl:part name="terminate" element="rm:TerminateSequence"/> </wsdl:message> <wsdl:message name="TerminateSequenceResponse"> <wsdl:part name="terminateResponse" element="rm:TerminateSequenceResponse"/> </wsdl:message> <wsdl:portType name="SequenceAbstractPortType"> <wsdl:operation name="CreateSequence"> <wsdl:input message="tns:CreateSequence" wsam:Action="http://docs.oasisopen.org/ws-rx/wsrm/200702/CreateSequence"/> <wsdl:output message="tns:CreateSequenceResponse" wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 49 of 62 Slide 50: 1842 1843 1844 1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 1861 wsam:Action="http://docs.oasis-open.org/wsrx/wsrm/200702/CreateSequenceResponse"/> </wsdl:operation> <wsdl:operation name="CloseSequence"> <wsdl:input message="tns:CloseSequence" wsam:Action="http://docs.oasisopen.org/ws-rx/wsrm/200702/CloseSequence"/> <wsdl:output message="tns:CloseSequenceResponse" wsam:Action="http://docs.oasis-open.org/wsrx/wsrm/200702/CloseSequenceResponse"/> </wsdl:operation> <wsdl:operation name="TerminateSequence"> <wsdl:input message="tns:TerminateSequence" wsam:Action="http://docs.oasis-open.org/ws-rx/wsrm/200702/TerminateSequence"/> <wsdl:output message="tns:TerminateSequenceResponse" wsam:Action="http://docs.oasis-open.org/wsrx/wsrm/200702/TerminateSequenceResponse"/> </wsdl:operation> </wsdl:portType> </wsdl:definitions> wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 50 of 62 Slide 51: 1862 Appendix C. Message Examples Appendix C.1 Create Sequence <?xml version="1.0" encoding="UTF-8"?> <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsrm="http://docs.oasis-open.org/ws-rx/wsrm/200702" xmlns:wsa="http://www.w3.org/2005/08/addressing"> <S:Header> <wsa:MessageID> http://Business456.com/guid/0baaf88d-483b-4ecf-a6d8-a7c2eb546817 </wsa:MessageID> <wsa:To>http://example.com/serviceB/123</wsa:To> <wsa:Action>http://docs.oasis-open.org/wsrx/wsrm/200702/CreateSequence</wsa:Action> <wsa:ReplyTo> <wsa:Address>http://Business456.com/serviceA/789</wsa:Address> </wsa:ReplyTo> </S:Header> <S:Body> <wsrm:CreateSequence> <wsrm:AcksTo> <wsa:Address>http://Business456.com/serviceA/789</wsa:Address> </wsrm:AcksTo> </wsrm:CreateSequence> </S:Body> </S:Envelope> 1863 1864 Create Sequence 1865 1866 1867 1868 1869 1870 1871 1872 1873 1874 1875 1876 1877 1878 1879 1880 1881 1882 1883 1884 1885 1886 1887 1888 Create Sequence Response 1889 1890 1891 1892 1893 1894 1895 1896 1897 1898 1899 1900 1901 1902 1903 1904 1905 1906 1907 1908 <?xml version="1.0" encoding="UTF-8"?> <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsrm="http://docs.oasis-open.org/ws-rx/wsrm/200702" xmlns:wsa="http://www.w3.org/2005/08/addressing"> <S:Header> <wsa:To>http://Business456.com/serviceA/789</wsa:To> <wsa:RelatesTo> http://Business456.com/guid/0baaf88d-483b-4ecf-a6d8a7c2eb546817 </wsa:RelatesTo> <wsa:Action> http://docs.oasis-open.org/ws-rx/wsrm/200702/CreateSequenceResponse </wsa:Action> </S:Header> <S:Body> <wsrm:CreateSequenceResponse> <wsrm:Identifier>http://Business456.com/RM/ABC</wsrm:Identifier> </wsrm:CreateSequenceResponse> </S:Body> </S:Envelope> Appendix C.2 Initial Transmission 1909 The following example WS-ReliableMessaging headers illustrate the message exchange in the above 1910 figure. The three messages have the following headers; the third message is identified as the last 1911 message in the Sequence: wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 51 of 62 Slide 52: 1912 Message 1 1913 1914 1915 1916 1917 1918 1919 1920 1921 1922 1923 1924 1925 1926 1927 1928 1929 1930 1931 1932 1933 1934 <?xml version="1.0" encoding="UTF-8"?> <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsrm="http://docs.oasis-open.org/ws-rx/wsrm/200702" xmlns:wsa="http://www.w3.org/2005/08/addressing"> <S:Header> <wsa:MessageID> http://Business456.com/guid/71e0654e-5ce8-477b-bb9d-34f05cfcbc9e </wsa:MessageID> <wsa:To>http://example.com/serviceB/123</wsa:To> <wsa:From> <wsa:Address>http://Business456.com/serviceA/789</wsa:Address> </wsa:From> <wsa:Action>http://example.com/serviceB/123/request</wsa:Action> <wsrm:Sequence> <wsrm:Identifier>http://Business456.com/RM/ABC</wsrm:Identifier> <wsrm:MessageNumber>1</wsrm:MessageNumber> </wsrm:Sequence> </S:Header> <S:Body> <!-- Some Application Data --> </S:Body> </S:Envelope> 1935 Message 2 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 1948 1949 1950 1951 1952 1953 1954 1955 1956 1957 <?xml version="1.0" encoding="UTF-8"?> <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsrm="http://docs.oasis-open.org/ws-rx/wsrm/200702" xmlns:wsa="http://www.w3.org/2005/08/addressing"> <S:Header> <wsa:MessageID> http://Business456.com/guid/daa7d0b2-c8e0-476e-a9a4-d164154e38de </wsa:MessageID> <wsa:To>http://example.com/serviceB/123</wsa:To> <wsa:From> <wsa:Address>http://Business456.com/serviceA/789</wsa:Address> </wsa:From> <wsa:Action>http://example.com/serviceB/123/request</wsa:Action> <wsrm:Sequence> <wsrm:Identifier>http://Business456.com/RM/ABC</wsrm:Identifier> <wsrm:MessageNumber>2</wsrm:MessageNumber> </wsrm:Sequence> </S:Header> <S:Body> <!-- Some Application Data --> </S:Body> </S:Envelope> 1958 Message 3 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968 1969 1970 1971 <?xml version="1.0" encoding="UTF-8"?> <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsrm="http://docs.oasis-open.org/ws-rx/wsrm/200702" xmlns:wsa="http://www.w3.org/2005/08/addressing"> <S:Header> <wsa:MessageID> http://Business456.com/guid/0baaf88d-483b-4ecf-a6d8-a7c2eb546819 </wsa:MessageID> <wsa:To>http://example.com/serviceB/123</wsa:To> <wsa:From> <wsa:Address>http://Business456.com/serviceA/789</wsa:Address> </wsa:From> <wsa:Action>http://example.com/serviceB/123/request</wsa:Action> wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 52 of 62 Slide 53: 1972 1973 1974 1975 1976 1977 1978 1979 1980 1981 1982 1983 1984 <wsrm:Sequence> <wsrm:Identifier>http://Business456.com/RM/ABC</wsrm:Identifier> <wsrm:MessageNumber>3</wsrm:MessageNumber> </wsrm:Sequence> <wsrm:AckRequested> <wsrm:Identifier>http://Business456.com/RM/ABC</wsrm:Identifier> </wsrm:AckRequested> </S:Header> <S:Body> <!-- Some Application Data --> </S:Body> </S:Envelope> Appendix C.3 First Acknowledgement 1985 Message number 2 has not been accepted by the RM Destination due to some transmission error so it 1986 responds with an Acknowledgement for messages 1 and 3: 1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 <?xml version="1.0" encoding="UTF-8"?> <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsrm="http://docs.oasis-open.org/ws-rx/wsrm/200702" xmlns:wsa="http://www.w3.org/2005/08/addressing"> <S:Header> <wsa:MessageID> http://example.com/guid/0baaf88d-483b-4ecf-a6d8-a7c2eb546810 </wsa:MessageID> <wsa:To>http://Business456.com/serviceA/789</wsa:To> <wsa:From> <wsa:Address>http://example.com/serviceB/123</wsa:Address> </wsa:From> <wsa:Action> http://docs.oasis-open.org/ws-rx/wsrm/200702/SequenceAcknowledgement </wsa:Action> <wsrm:SequenceAcknowledgement> <wsrm:Identifier>http://Business456.com/RM/ABC</wsrm:Identifier> <wsrm:AcknowledgementRange Upper="1" Lower="1"/> <wsrm:AcknowledgementRange Upper="3" Lower="3"/> </wsrm:SequenceAcknowledgement> </S:Header> <S:Body/> </S:Envelope> Appendix C.4 Retransmission 2011 The RM Sourcediscovers that message number 2 was not accepted so it resends the message and 2012 requests an Acknowledgement: 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 <?xml version="1.0" encoding="UTF-8"?> <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsrm="http://docs.oasis-open.org/ws-rx/wsrm/200702" xmlns:wsa="http://www.w3.org/2005/08/addressing"> <S:Header> <wsa:MessageID> http://Business456.com/guid/daa7d0b2-c8e0-476e-a9a4-d164154e38de </wsa:MessageID> <wsa:To>http://example.com/serviceB/123</wsa:To> <wsa:From> <wsa:Address>http://Business456.com/serviceA/789</wsa:Address> </wsa:From> <wsa:Action>http://example.com/serviceB/123/request</wsa:Action> <wsrm:Sequence> wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 53 of 62 Slide 54: 2027 2028 2029 2030 2031 2032 2033 2034 2035 2036 2037 2038 <wsrm:Identifier>http://Business456.com/RM/ABC</wsrm:Identifier> <wsrm:MessageNumber>2</wsrm:MessageNumber> </wsrm:Sequence> <wsrm:AckRequested> <wsrm:Identifier>http://Business456.com/RM/ABC</wsrm:Identifier> </wsrm:AckRequested> </S:Header> <S:Body> <!-- Some Application Data --> </S:Body> </S:Envelope> Appendix C.5 Termination 2039 The RM Destination now responds with an Acknowledgement for the complete Sequence which can then 2040 be terminated: 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 2059 2060 2061 2062 <?xml version="1.0" encoding="UTF-8"?> <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsrm="http://docs.oasis-open.org/ws-rx/wsrm/200702" xmlns:wsa="http://www.w3.org/2005/08/addressing"> <S:Header> <wsa:MessageID> http://example.com/guid/0baaf88d-483b-4ecf-a6d8-a7c2eb546811 </wsa:MessageID> <wsa:To>http://Business456.com/serviceA/789</wsa:To> <wsa:From> <wsa:Address>http://example.com/serviceB/123</wsa:Address> </wsa:From> <wsa:Action> http://docs.oasis-open.org/ws-rx/wsrm/200702/SequenceAcknowledgement </wsa:Action> <wsrm:SequenceAcknowledgement> <wsrm:Identifier>http://Business456.com/RM/ABC</wsrm:Identifier> <wsrm:AcknowledgementRange Upper="3" Lower="1"/> </wsrm:SequenceAcknowledgement> </S:Header> <S:Body/> </S:Envelope> 2063 Terminate Sequence 2064 2065 2066 2067 2068 2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 <?xml version="1.0" encoding="UTF-8"?> <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsrm="http://docs.oasis-open.org/ws-rx/wsrm/200702" xmlns:wsa="http://www.w3.org/2005/08/addressing"> <S:Header> <wsa:MessageID> http://Business456.com/guid/0baaf88d-483b-4ecf-a6d8-a7c2eb546812 </wsa:MessageID> <wsa:To>http://example.com/serviceB/123</wsa:To> <wsa:Action> http://docs.oasis-open.org/ws-rx/wsrm/200702/TerminateSequence </wsa:Action> <wsa:From> <wsa:Address>http://Business456.com/serviceA/789</wsa:Address> </wsa:From> </S:Header> <S:Body> <wsrm:TerminateSequence> <wsrm:Identifier>http://Business456.com/RM/ABC</wsrm:Identifier> <wsrm:LastMsgNumber> 3 </wsrm:LastMsgNumber> </wsrm:TerminateSequence> wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 54 of 62 Slide 55: 2085 2086 </S:Body> </S:Envelope> 2087 Terminate Sequence Response 2088 2089 2090 2091 2092 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104 2105 2106 2107 2108 2109 2110 2111 2112 <?xml version="1.0" encoding="UTF-8"?> <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsrm="http://docs.oasis-open.org/ws-rx/wsrm/200702" xmlns:wsa="http://www.w3.org/2005/08/addressing"> <S:Header> <wsa:MessageID> http://Business456.com/guid/0baaf88d-483b-4ecf-a6d8-a7c2eb546813 </wsa:MessageID> <wsa:To>http://example.com/serviceA/789</wsa:To> <wsa:Action> http://docs.oasis-open.org/ws-rx/wsrm/200702/TerminateSequenceResponse </wsa:Action> <wsa:RelatesTo> http://Business456.com/guid/0baaf88d-483b-4ecf-a6d8-a7c2eb546812 </wsa:RelatesTo> <wsa:From> <wsa:Address>http://Business456.com/serviceA/789</wsa:Address> </wsa:From> </S:Header> <S:Body> <wsrm:TerminateSequenceResponse> <wsrm:Identifier>http://Business456.com/RM/ABC</wsrm:Identifier> </wsrm:TerminateSequenceResponse> </S:Body> </S:Envelope> wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 55 of 62 Slide 56: 2113 Appendix D. State Tables 2114 This appendix specifies the non-normative state transition tables for RM Source and RM Destination. 2115 The state tables describe the lifetime of a sequence in both the RM Source and the RM Destination 2116 Legend: 2117 The first column of these tables contains the motivating event and has the following format: Event 2118 Event name [source] {ref} 2119 Where: 2120 2121 2122 2123 2124 2125 2126   Event Name: indicates the name of the event. Event Names surrounded by “<>” are optional as described by the specification. [source]: indicates the source of the event; one of: o o o o [msg] a Received message [int]: an internal event such as the firing of a timer [app]: the application [unspec]: the source is unspecified 2127 Each event / state combination cell in the tables in this appendix has the following format: State Name Action to take [next state] {ref} 2128 Where: 2129 2130 2131 2132 2133 2134 2135 2136 2137 2138 2139 2140  action to take: indicates that the state machine performs the following action. Actions surrounded by “<>” are optional as described by the specification. “Xmit” is used as a short form for the word “Transmit” [next state]: indicates the state to which the state machine will advance upon the performance of the action. For ease of reading the next state “same” indicates that the state does not change. {ref} is a reference to the document section describing the behavior in this cell   “N/A” in a cell indicates a state / event combination self-inconsistent with the state machine; should these conditions occur, it would indicate an implementation error. A blank cell indicates that the behavior is not described in this specification and does not indicate normal protocol operation. Implementations MAY generate a Sequence Terminated fault (see section 4.2) in these circumstances. Robust implementations MUST be able to operate in a stable manner despite the occurrence of unspecified event / state combinations. wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 56 of 62 Slide 57: 2141 Table 1 RM Source Sequence State Transition Table Events None Create Sequence [unspec] {3.4} Create Sequence Response [msg] {3.4) Xmit Create Sequence [Creating] {3.4} Creating N/A N/A Sequence States Created N/A Closing N/A Closed Terminating N/A Process Create Sequence Response [Created] {3.4} No action [None] {4.6} N/A N/A Xmit message [Same] {2} N/A N/A Xmit message [Same] {2.3} Generate Unknown Sequence Fault [Same] {4.3} Generate Unknown Sequence Fault [Same] {4.3} Generate Unknown Sequence Fault [Same] {4.3} Generate Unknown Sequence Fault [Same] {4.3} N/A Generate Unknown Sequence Fault [Same] {4.3} Generate Unknown Sequence Fault [Same] {4.3} Generate Unknown Sequence Fault [Same] {4.3} Generate Unknown Sequence Fault [Same] {4.3} Process Ack ranges [Same] {3.9} <Xmit message(s)> [Same] {3.9} No action [Same] {2} Xmit message [Same] {2.3} Process Ack ranges [Same] {3.9} <Xmit message(s)> [Same] {3.9} Process Ack ranges [Same] {3.9} No action [Same] Process Ack ranges [Same] {3.9} No action [Same] N/A N/A N/A N/A Create Sequence Refused Fault [msg] {3.4} Send message [app] {2.1} Retransmit of unack’d message [int] SeqAck (non-final) [msg] {3.9} Nack [msg] {3.9) Message Number Rollover Fault [msg] No action [Rollover] No action [Same] No action [Same] No action [Same] CloseSequence [msg] {3.5} Xmit CloseSequence Response [Closed] {3.5} Xmit Close Sequence [Closing] {3.5} Xmit CloseSequence Response [Closed] {3.5} N/A Xmit CloseSequence Response [Closed] {3.5} N/A Generate Unknown Sequence Fault [Same] {4.3} N/A <Close Sequence> [int] {3.5} Close Sequence Response [msg] {3.5} Generate Unknown Sequence Fault [Same] {4.3} Generate Unknown Sequence Fault [Same] {4.3} No action [Closed] {3.5} No action [Same] {3.5} No action [Same] {3.5} wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 57 of 62 Slide 58: Events None SeqAck (final) [msg] {3.9} Generate Unknown Sequence Fault [Same] {4.3} Generate Unknown Sequence Fault [Same] {4.3} Creating Generate Unknown Sequence Fault [Same] {4.3} Generate Unknown Sequence Fault [Same] {4.3} Sequence States Created Process Ack ranges [Closed] {3.9} Closing Process Ack ranges [Closed] {3.9} Closed Process Ack ranges [Same] Terminating Process Ack ranges [Same] Sequence Closed Fault [msg] {4.7} No action [Closed] {4.7} No action [Closed] {4.7} No action [Same] No action [Same] Unknown Sequence Fault [msg] {4.3} Sequence Terminated Fault [msg] {4.2} N/A Terminate Sequence [None] {4.3} Terminate Sequence [None] {4.2} Generate Unknown Sequence Fault [Same] {4.3} No action [None] {unspec} Generate Unknown Sequence Fault [Same] {4.3} Terminate Sequence [None] {3.7} Generate Unknown Sequence Fault [Same] {4.3} Terminate Sequence [None] {3.7} Generate Invalid Acknowledgeme nt Fault [Same] {4.4} Xmit Terminate Sequence Response [None] {3.6} Xmit Terminate Sequence [Terminating] Terminate Sequence [None] {4.3} Terminate Sequence [None] {4.2} Xmit Terminate Sequence Response [None] {3.6} Xmit Terminate Sequence [Terminating] Terminate Sequence [None] {4.3} Terminate Sequence [None] {4.2} Xmit Terminate Sequence Response [None] {3.6} Xmit Terminate Sequence [Terminating] Terminate Sequence [None] {4.3} Terminate Sequence [None] {4.2} Generate Unknown Sequence Fault [Same] {4.3} N/A TerminateSequence Generate [msg] Unknown {3.6} Sequence Fault [Same] {4.3} Terminate Sequence [int] Terminate Sequence Response [msg] N/A Generate Unknown Sequence Fault [Same] {4.3} N/A Terminate Sequence [None] {3.6} Expires exceeded [int] Terminate Sequence [None] {3.7} Generate Invalid Acknowledgeme nt Fault [Same] {4.4} Terminate Sequence [None] {3.7} Generate Invalid Acknowledgeme nt Fault [Same] {4.4} Terminate Sequence [None] {3.7} Generate Invalid Acknowledgeme nt Fault [Same] {4.4} Invalid Acknowledgement [msg] {4.4] Generate Unknown Sequence Fault [Same] {4.3} 2142 Table 2 RM Destination Sequence State Transition Table Events None CreateSequence (successful) [msg/int] {3.4} Xmit Create Sequence Response [Created] {3.4} N/A Sequence States Created N/A Closed Terminating wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 58 of 62 Slide 59: Events None CreateSequence (unsuccessful) [msg/int] {3.4} Message (with message number within range) [msg] Generate Create N/A Sequence Refused Fault [None] {3.4} Generate Unknown Sequence Fault [Same] {4.3} Generate Unknown Sequence Fault [Same] {4.3} Generate Unknown Seq Fault [Same] {4.3} Generate Unknown Sequence Fault [Same] {4.3} Sequence States Created N/A Closed Terminating Accept Message; <Xmit SeqAck> [Same] Generate Sequence Closed Fault (with SeqAck+Final) [Same] {3.5} Generate Sequence Closed Fault (with SeqAck+Final) [Same] {3.5} Xmit SeqAck+Final [Same] {3.9} Xmit CloseSequence Response with SeqAck+Final [Closed] {3.5} Xmit CloseSequence with SeqAck+Final [Same] {3.5} No Action [Closed] {3.5} Generate Sequence Terminated Fault [Same] {4.2} Generate Sequence Terminated Fault [Same] {4.2} Generate Sequence Terminated Fault [Same] {4.2} Generate Sequence Terminated Fault [Same] {4.2} Message (with message number outside of range) [msg] Xmit Message Number Rollover Fault [Same] {3.7}{4.5} Xmit SeqAck [Same] {3.8} Xmit CloseSequence Response with SeqAck+Final [Closed] {3.5} Xmit CloseSequence with SeqAck+Final [Closed] {3.5} <AckRequested> [msg] {3.8} CloseSequence [msg] {3.5} <CloseSequence autonomously> [int] CloseSequenceResponse [msg] {3.5} TerminateSequence [msg] {3.6) <TerminateSequence autonomously> [int] Generate Unknown Sequence Fault [Same] {4.3} Generate Unknown Sequence Fault [Same] {4.3} Generate Sequence Terminated Fault [Same] {4.2} Xmit Terminate Sequence Response [None] {3.6} Xmit TerminateSequence with SeqAck+Final [Terminating] {3.6} Terminate Sequence [None] Xmit Terminate Sequence Response [None] {3.6} Xmit TerminateSequence with SeqAck+Final [Terminating] {3.6} Xmit Terminate Sequence Response [None] {3.6} Xmit TerminateSequence with SeqAck+Final [Terminating] {3.6} TerminateSequenceRespons e [msg] UnknownSequence Fault [msg] {4.3} SequenceTerminated Fault [msg] {4.2} Invalid Acknowledgement Fault [msg] {4.4} Expires exceeded [int] Generate Unknown Sequence Fault [Same] {4.3} Terminate Sequence [None] {4.3} Terminate Sequence [None] {4.2} N/A Terminate Sequence [None] {4.3} Terminate Sequence [None] {4.2} Terminate Sequence [None] {4.3} Terminate Sequence [None] {4.3} N/A Terminate Sequence [None] Terminate Sequence [None] 14 June 2007 Page 59 of 62 wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. Slide 60: Events None {3.4} <Seq Acknowledgement autonomously> [int] {3.9} Non WSRM message when WSRM required [msg] {4.8} N/A Sequence States Created {3.4} Xmit SeqAck+Final [Same] {3.9} Generate WSRMRequired Fault [Same] {4.8} Closed Terminating Xmit SeqAck [Same] {3.9} Generate WSRMRequired Fault [Same] {4.8} Generate WSRMRequired Fault [Same] {4.8} wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 60 of 62 Slide 61: 2143 Appendix E. Acknowledgments Ruslan Bilorusets, BEA Don Box, Microsoft Luis Felipe Cabrera, Microsoft Doug Davis, IBM Donald Ferguson, IBM Christopher Ferris, IBM Tom Freund. IBM Mary Ann Hondo, IBM John Ibbotson, IBM Lei Jin, BEA Chris Kaler, Microsoft David Langworthy-Editor, Microsoft Keith Ballinger, Microsoft Stefan Batres, Microsoft Rebecca Bergersen, Iona Allen Brown, Microsoft Michael Conner, IBM George Copeland, Microsoft Francisco Curbera, IBM Paul Fremantle, IBM Steve Graham, IBM Pat Helland, Microsoft Rick Hill, Microsoft Scott Hinkelman, IBM Tim Holloway, IBM Efim Hudis, Microsoft Abbie Barbir, Nortel Charlton Barreto, Adobe Stefan Batres, Microsoft Hamid Ben Malek, Fujitsu Andreas Bjarlestam, Ericsson Toufic Boubez, Layer 7 Doug Bunting, Sun Lloyd Burch, Novell Steve Carter, Novell Martin Chapman, Oracle Dave Chappell, Sonic Paul Cotton, Microsoft Glen Daniels, Sonic Doug Davis, IBM Blake Dournaee, Intel Jacques Durand, Fujitsu Colleen Evans, Microsoft Christopher Ferris, IBM Paul Fremantle, WSO2 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 Amelia Lewis, TIBCO Software Rodney Limprecht, Microsoft Steve Lucco, Microsoft Don Mullen, TIBCO Software Anthony Nadalin, IBM Mark Nottingham, BEA David Orchard, BEA Jamie Roots, IBM Shivajee Samdarshi, TIBCO Software John Shewchuk, Microsoft Tony Storey, IBM 2144 This document is based on initial contribution to OASIS WS-RX Technical Committee by the following 2145 authors: 2146 2147 2148 2149 2150 2151 2152 2153 2154 2155 2156 2157 2170 2171 2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183 2198 2199 2200 2201 2202 2203 2204 2205 2206 2207 2208 2209 2210 2211 2212 2213 2214 2215 2216 2169 The following individuals have provided invaluable input into the initial contribution: 2184 2185 2186 2187 2188 2189 2190 2191 2192 2193 2194 2195 2196 David Ingham, Microsoft Gopal Kakivaya, Microsoft Johannes Klein, Microsoft Frank Leymann, IBM Martin Nally, IBM Peter Niblett, IBM Jeffrey Schlimmer, Microsoft James Snell, IBM Keith Stobie, Microsoft Satish Thatte, Microsoft Stephen Todd, IBM Sanjiva Weerawarana, IBM Roger Wolter, Microsoft 2197 The following individuals were members of the committee during the development of this specification: 2217 2218 2219 2220 2221 2222 2223 2224 2225 2226 2227 2228 2229 2230 2231 2232 2233 2234 2235 Robert Freund, Hitachi Peter Furniss, Erebor Marc Goodner, Microsoft Alastair Green, Choreology Mike Grogan, Sun Ondrej Hrebicek, Microsoft Kazunori Iwasa, Fujitsu Chamikara Jayalath, WSO2 Lei Jin, BEA Ian Jones, BTplc Anish Karmarkar, Oracle Paul Knight, Nortel Dan Leshchiner, Tibco Mark Little, JBoss Lily Liu, webMethods Matt Lovett, IBM Ashok Malhotra, Oracle Jonathan Marsh, Microsoft Daniel Millwood, IBM 14 June 2007 Page 61 of 62 wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. Slide 62*: 2236 2237 2238 2239 2240 2241 2242 2243 2244 2245 2246 2257 Jeff Mischkinsky, Oracle Nilo Mitra, Ericsson Peter Niblett, IBM Duane Nickull, Adobe Eisaku Nishiyama, Hitachi Dave Orchard, BEA Chouthri Palanisamy, NEC Sanjay Patil, SAP Gilbert Pilz, BEA Martin Raepple, SAP Eric Rajkovic, Oracle 2247 2248 2249 2250 2251 2252 2253 2254 2255 2256 Stefan Rossmanith, SAP Tom Rutt, Fujitsu Rich Salz, IBM Shivajee Samdarshi, Tibco Vladimir Videlov, SAP Claus von Riegen, SAP Pete Wenzel, Sun Steve Winkler, SAP Ümit Yalçinalp, SAP Nobuyuki Yamamoto, Hitachi wsrm-1.1-spec-os-01 Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. 14 June 2007 Page 62 of 62