The IESG has approved the following document:

- 'The 'application/soap+xml' media type '
   <draft-baker-soap-media-reg-06.txt> as an Informational RFC

This document has been reviewed in the IETF but is not the product of an IETF Working Group.

The IESG contact person is Scott Hollenbeck.

Technical Summary

This document defines the "application/soap+xml" media type which can be used to describe SOAP 1.2 messages serialized as XML 1.0.

Working Group Summary

This document is an individual submission. It is not the product of an IETF working group. The SOAP specification is a product of the World Wide Web Consortium.

Protocol Quality

Scott Hollenbeck has reviewed the spec for the IESG.

RFC Editor Note:

In section 3, change:

--8<--
"action": This optional parameter can be used to specify the URI that identifies the intent of the message. In SOAP 1.2, it serves a similar purpose as the SOAPAction HTTP header field did in SOAP 1.1. Namely, its value identifies the intent of the message.

The value of the action parameter is an absolute URI-reference as defined by RFC 2396 [RFC2396]. SOAP places no restrictions on the specificity of the URI or that it is resolvable.

Although the purpose of the action parameter is to indicate the intent of the SOAP message there is no mechanism for automatically computing the value based on the SOAP envelope. In other words, the value has to be determined out of band. It is recommended that the same value be used to identify sets of message types that are logically connected in some manner, for example part of the same "service". It is strongly RECOMMENDED that the URI be globally unique and stable over time.

The presence and content of the action parameter MAY be used by servers such as firewalls to appropriately filter SOAP messages and it may be used by servers to facilitate dispatching of SOAP messages to internal message handlers etc. It SHOULD NOT be used as an insecure form of access authorization.

Use of the action parameter is OPTIONAL. SOAP Receivers MAY use it as a hint to optimize processing, but SHOULD NOT require its presence in order to operate.
-->8--

to

--8<--
"action": This optional parameter can be used to specify the URI that identifies the intent of the message. In SOAP 1.2, it serves a similar purpose as the SOAPAction HTTP header field did in SOAP 1.1. Namely, its value identifies the intent of the message.

The value of the action parameter is an absolute URI-reference as defined by RFC 2396 [RFC2396], which MUST be non-empty. SOAP places no restrictions on the specificity of the URI or that it is resolvable.

Although the purpose of the action parameter is to indicate the intent of the SOAP message there is no mechanism for automatically computing the value based on the SOAP envelope. In other words, the value has to be determined out of band. It is recommended that the same value be used to identify sets of message types that are logically connected in some manner, for example part of the same "service". It is strongly RECOMMENDED that the URI be globally unique and stable over time.

Use of the action parameter is OPTIONAL. SOAP Receivers MAY use it as a hint to optimize processing, but SHOULD NOT require its presence in order to operate.
-->8--

Add the following to the end of the Security Considerations section of the registration template found in section 3:

--8<--
The action parameter is not a security mechanism, and SHOULD NOT be used for authentication. If the action parameter is used to make decisions (e.g., dispatch, filtering), it is RECOMMENDED that the basis for such decisions should be confirmed by examining the SOAP Envelope.
-->8--
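
The Security Considerations text above, as an added example that is not part of the announcement or the draft: a receiver that reads the action parameter as a hint and confirms it against the SOAP Envelope before dispatching. The action URIs, the ACTION_TO_BODY table, the sample body and the function names are constructed for illustration; the draft leaves the mapping between action values and messages to be determined out of band.

```python
# Added example, not from the draft: the action parameter is a dispatch hint,
# and the decision is confirmed against the SOAP Envelope itself.
import xml.etree.ElementTree as ET
from email.message import Message

SOAP12_NS = "http://www.w3.org/2003/05/soap-envelope"
# Assumption: an out-of-band table mapping each action URI to the QName of the
# first child of the SOAP Body it is allowed to accompany (constructed values).
ACTION_TO_BODY = {
    "http://example.org/orders/Submit": "{http://example.org/orders}SubmitOrder",
    "http://example.org/orders/Cancel": "{http://example.org/orders}CancelOrder",
}
# Constructed sample message body.
SAMPLE_CANCEL = (
    b'<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">'
    b'<env:Body><o:CancelOrder xmlns:o="http://example.org/orders"/></env:Body>'
    b'</env:Envelope>')

def parse_content_type(value):
    """Return (media type, action parameter or None) from a Content-Type value."""
    msg = Message()
    msg["Content-Type"] = value
    return msg.get_content_type(), msg.get_param("action")

def check_request(content_type, body):
    """Return (accepted, reason) for one request."""
    media_type, action = parse_content_type(content_type)
    if media_type != "application/soap+xml":
        return False, "wrong media type"
    if action == "":
        return False, "empty action"  # the revised text requires a non-empty URI
    if b"<!DOCTYPE" in body:  # crude guard (assumes a UTF-8 body): SOAP 1.2 forbids DTDs
        return False, "DTD present"
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return False, "not well-formed XML"
    soap_body = root.find("{%s}Body" % SOAP12_NS)
    if root.tag != "{%s}Envelope" % SOAP12_NS or soap_body is None or len(soap_body) == 0:
        return False, "not a SOAP 1.2 envelope with a body entry"
    operation = soap_body[0].tag
    if operation not in ACTION_TO_BODY.values():
        return False, "unknown operation"
    # The parameter is OPTIONAL, so its absence is not an error; when present
    # it must agree with what the envelope actually carries.
    if action is not None and ACTION_TO_BODY.get(action) != operation:
        return False, "action does not match envelope"
    return True, "ok"
```

A filter that looked only at the header would pass the mismatched request; here the envelope decides and the header can only narrow the result.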