© 2005 Global Grid Forum The information contained herein is subject to change without notice Leading the pervasive adoption of grid computing for research and industry Ian Foster, Tom Maguire, David Snelling OGSA Documents, OGSA-WG #3 28 June, 2005 (GGF14 in Chicago) 2:30-4:00pm OGSA WSRF Basic Profile
Profile Overview Addressing: The Profile mandates the use of WS-Addressing endpoint references and places some constraints on their structure, thus enabling interoperable addressing. Resource Properties: The Profile mandates that a resource support certain resource properties, thus facilitating introspection, and also mandates support for certain operations that are optional in the WS-ResourceProperties specifications. Both sets of requirements facilitate interoperability by allowing a client to make more assumptions about a service’s interfaces. Resource Lifetime: The Profile mandates the use of the ImmediateResourceTermination and ScheduledResourceTermination portTypes and their associated operations and properties for immediate and scheduled termination of resources. Base Notification: The Profile mandates the use of the NotificationProducer portType and its associated operations and properties to provide notification using a publish/subscribe pattern. Base Faults: The profile mandates the use of the fault structure specified in WS- BaseFaults and, where applicable, extends the fault structure.
Relationship to other profiles This Profile extends the WS-I Basic Profile 1.1 and the WS-I Basic Security Profile 1.0. All requirements specified in WS-I BP 1.1 and WS- I BSP 1.0 pertain to this profile.
Notational Conventions Normative statements of requirements in the Profile are presented in the manner detailed in the WS-I Basic Profile 1.1 Conformance Requirements section. Both requirement statements and extensibility statements can be considered namespace- qualified. The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are used to describe requirement statements.
Conformance Targets The following conformance targets are used in the Profile: ENDPOINTREFERENCE – the serialization of the wsa:EndpointReference and its content ENVELOPE – the serialization of the soap:Envelope element and its content DESCRIPTION – descriptions of types, messages, interfaces and their concrete protocol and data format bindings, and the network access points associated with Web services (e.g., WSDL descriptions) (from WS-I Basic Profile 1.1) INSTANCE – software that implements a wsdl:port (from WS-I Basic Profile 1.1) CONSUMER – software that invokes an INSTANCE (from WS-I Basic Profile 1.1) SENDER – software that generates a particular message according to the protocol(s) associated with that message (from WS-I Basic Profile 1.1) RECEIVER – software that consumes a message according to the protocol(s) associated with that message (e.g., SOAP processors) (from WS-I Basic Profile 1.1)
Claiming conformance Claims of conformance to the Profile are the same as normatively described in WS-I Basic Profile 1.1. The conformance claim URI for this Profile is “ sicProfile-1.0”.
Addressing - Extensibility Web Services Addressing Core Extensibility points: –E0301 – WSA Extensibility – WS-Addressing allows extensibility elements for the wsa:EndpointReference. –E0302 – WSA Metadata Extensibility – WS-Addressing allows extensibility elements for metadata as children of the wsa:Metadata element.
Addressing - Requirements Endpoint Reference Structure –R0311 An ENDPOINTREFERENCE MUST conform to the structure specified in Web Services Addressing Section 2, "Endpoint References" (subject to amendment by the Profile).
Resource Property - Extensions Web Services Resource Properties 1.2 Extensibility points: –E0401 – Resource Property Document Extensibility – Any resource property document MAY include standard XML extensibility through the use of xsd:any. –E0402 – Resource Property Element Extensibility – Any resource property element MAY include standard XML extensibility through the use of xsd:any. –E0403 – QueryExpression Extensibility – The Query Expression supported by the QueryResourceProperties message exchange is defined as open content (xsd:any).
Resource Property - Requirements ResourcePropertyNames Resource Property Element Each instance of a WS-Resource is required to provide the ability to retrieve, through the GetResourceProperty message exchange pattern, a list of all resource property element QNames that it contains. R0411 A DESCRIPTION MUST contain in the Resource Property Document schema, as referred to by the wsrf-rp:ResourceProperties attribute on the portType, a Resource Property Element ogsa- bp:ResourcePropertyNames as defined in the schema
Resource Property – Requirements (cont) FinalWSResourceInterface Resource Property Element Each instance of a WS-Resource is recommended to provide the ability to retrieve, through the GetResourceProperty message exchange pattern, the final portType interface QName. R0414 A DESCRIPTION MUST contain in the Resource Property Document schema, as referred to by the wsrf-rp:ResourceProperties attribute on the portType, a Resource Property Element ogsa- bp:FinalWSResourceInterface as defined in the schema
Resource Property – Requirements (cont) WSResourceInterfaces Resource Property Element Each instance of a WS-Resource is recommended to provide the ability to retrieve, through the GetResourceProperty message exchange pattern, a list of all portTypes that were used to compose the wsdl:Service. Each portType must be referenced by QName, where the namespace of the QName is that of the parent wsdl:definition, R0417 A DESCRIPTION MUST contain in the Resource Property Document schema, as referred to by the wsrf-rp:ResourceProperties attribute on the portType, a Resource Property Element ogsa- bp:WSResourceInterfaces defined in the schema
Resource Property – Requirements (cont) ResourceEndpointReference Resource Property Element Each instance of a WS-Resource is recommended to provide the ability to retrieve, through the GetResourceProperty message exchange pattern, the wsa:EndpointReference for itself. R0420 A DESCRIPTION MUST contain in the Resource Property Document schema, as referred to by the wsrf-rp:ResourceProperties attribute on the portType, a Resource Property Element ogsa- bp:ResourceEndpointReference as defined in the schema
Resource Property – Requirements (cont) wsrf-rp:GetMultipleResourceProperties Message Exchange WS-ResourceProperties only requires that an instance of a WS-Resource implement the GetResourceProperty message exchange pattern. The Profile also requires support for GetMultipleResourceProperties. R0423 A DESCRIPTION MUST include the wsrf- rp:GetMultipleResourceProperties wsdl:operation as defined in WS- ResourceProperties section 5.3. R0424 An INSTANCE MUST support the GetMultipleResourceProperties message exchange to allow for the retrieval of multiple resource properties.
Resource Property – Requirements (cont) wsrf-rp:QueryResourceProperties Message Exchange WS-ResourceProperties only requires that an instance of a WS-Resource implement the GetResourceProperty message exchange pattern. The Profile also requires support for QueryResourceProperties. R0425 A DESCRIPTION SHOULD include the wsrf- rp:QueryResourceProperties as defined in WS-ResourceProperties section 5.4. R0426 An INSTANCE SHOULD support the wsrf-rp:QueryResourceProperties message exchange to allow for the query and retrieval of multiple resource properties R0427 An INSTANCE MUST support the QueryExpression Dialect URI on the QueryResourceProperties message exchange. R0428 An INSTANCE, when presented with a resource property retrieval for the QName wsrf-rp:QueryExpressionDialect response, MUST (at least) include the URI
Resource Property – Requirements (cont) Use of wsn:NotificationProducer The profile mandates the use of the NotificationProducer portType and its associated operations and properties to support the resource property value change notification pattern for insertions, updates and deletions. R0430 A DESCRIPTION SHOULD include the wsn:NotificationProducer interface as defined in WS-BaseNotification section 4. R0431 An INSTANCE MUST support wsn:Subscribe message exchange to allow for creation of ResourcePropertyChangeNotifications.
Resource Lifetime - Extensibility Web Services Resource Lifetime 1.2 Extensibility points: –E0501 – Termination Reason – The termination reason in the TerminationNotification message type allows for open content (xsd:any).
Resource Lifetime - Requirements wsrf-rl:Destroy Message Exchange WS-ResourceLifetime does not require that an instance of a WS-Resource implement any of the message exchanges that it defines. In contrast, the Profile mandates immediate destruction capability for WS-Resource instances that are created as a result of a message exchange. R0511 A DESCRIPTION MUST include the wsrf-rl:Destroy message exchange to allow for the immediate destruction of a WS-Resource. R0512 An INSTANCE MUST support the wsrf-rl:Destroy message exchange to allow for the immediate destruction of a WS-Resource.
Base Notification - Extensibility Web Services Base Notification 1.2 Extensibility points: –E0601 – Subscribe Topic Expression – The topic expression in the wsnt:Subscribe is open content (xsd:any).
Base Notification - Requirements Subscribe Message Exchange The wsnt:Subscribe message exchange allows for notification messages to be sent over protocols other than Web services-based protocols. This flexibility impedes the interoperability of services that conform to the Profile. The Profile allows the use of this message exchange but places the following constraints on it: R0611 A CONSUMER MUST NOT include the wsnt:UseNotify element in the wsnt:Subscribe request. (wsnt:UseNotify defaults to ‘true’ thus forcing notifications to be sent via Web services protocols).[LS2] [TRM3][LS4] [LS2][TRM3][LS4] R0612 An INSTANCE MUST support the TopicExpression Dialect URI open.org/wsn/2004/06/TopicExpression/Simple for in the wsnt:Subscribe message exchange. open.org/wsn/2004/06/TopicExpression/Simple R0613 An INSTANCE, when presented with a resource property retrieval for the QName wsnt:TopicExpressionDialect the response, MUST include (at a minimum) the URI open.org/wsn/2004/06/TopicExpression/Simple. open.org/wsn/2004/06/TopicExpression/Simple R0614 An INSTANCE MAY respond with a ‘precondition not supported’ fault if the wsnt:Precondition element is present in the wsnt:Subscribe message exchange. R0615 An INSTANCE MAY respond with a ‘selector not supported’ fault if the wsnt:Selector element is present in the wsnt:Subscribe message exchange. R0616 An INSTANCE MAY respond with a ‘subscription policy not supported’ fault if the wsnt:SubscriptionPolicy element is present in the wsnt:Subscribe message exchange. R0617 An INSTANCE that accepts the wsnt:Precondition element in the wsnt:Subscribe message exchange MUST support the QueryExpression from the namespace xpath as the content for the wsnt:Precondition element. xpath R0618 An INSTANCE that accepts the wsnt:Selector element in the wsnt:Subscribe message exchange MUST support the QueryExpression from the namespace xpath as the content for the wsnt:Selector element. xpath
Base Notification - Requirements Notification WS-BaseNotification specifies that a NotificationProducer MAY send the Notify message to the NotificationConsumer in order to deliver one or more NotificationMessage(s). This is to allow for the use of ‘raw’ notifications. Raw notifications are disallowed above by R0611. Therefore: R0619 An INSTANCE MUST send the wsnt:Notify message to the NotificationConsumer in order to deliver one or more NotificationMessage(s).
Base Fault - Requirements BaseFault Structure R0711 A MESSAGE for a fault from a WS-Resource MUST conform to the structure specified in Web Services Base Faults Section 2, "Base Fault Type" (subject to amendment by the Profile).
Security - Requirements Mandated Secure Transport All messages are subject to interference and corruption during transmission. To mitigate the risks of intentional or accidental modification to, or disclosure of, message data, the Profile mandates secure transmission of messages. R0811 When establishing an HTTP connection a SENDER MUST use HTTP over TLS as profiled by Basic Security Profile Version 1.0 Section 4 and Section 10. R0812 When establishing an HTTP connection a RECEIVER MUST use HTTP over TLS as profiled by Basic Security Profile Version 1.0 Section 4 and Section 10. R0813 When establishing a non-HTTP connection a SENDER MUST use The TLS Protocol and be compliant with Basic Security Profile Version 1.0 Section 10. R0814 When establishing a non-HTTP connection a RECEIVER MUST use The TLS Protocol and be compliant with Basic Security Profile Version 1.0 Section 10.
Security – Requirements (cont) Authentication Consumers and instances must provide authentication information: R0816 An INSTANCE MUST provide authentication information as part of the TLS connection. R0817 A CONSUMER MUST provide authentication information, either as part of the TLS connection or by adhering to WS-I Basic Security Profile Version 1.0 Section 7.
Security – Requirements (cont) Token Format Compliance All security tokens used in a message must comply with the Basic Security Profile Version 1.0. R0818 When security tokens are included in the message the CONSUMER MUST adhere to the Basic Security Profile Version 1.0 Section 5.
Security – Requirements (cont) XML Signature All messages employing XML Signature must comply with the WS-I Basic Security Profile Version 1.0. R0819 When using XML Signature a SENDER MUST comply with Basic Security Profile Version 1.0, Section 8. R0820 When using XML Signature a RECEIVER MUST comply with Basic Security Profile Version 1.0, Section 8.
Security – Requirements (cont) XML Encryption All messages employing XML Encryption must comply with the Basic Security Profile Version 1.0. R0821 When using XML Encryption a SENDER MUST comply with Basic Security Profile Version 1.0, Section 9. R0822 When using XML Encryption a RECEIVER MUST comply with Basic Security Profile Version 1.0, Section 9.
Security – Requirements (cont) Message-Level Security All messages which are secured using message level security MUST employ XML encryemploying XML Encryption must comply with the Basic Security Profile Version 1.0. R0823 When using Message-Level Security the ENDPOINTREFERENCE SHOULD include ogsa-bp:KeyInfoElement as defined in Appendix A. R0824 When using XML Encryption as part of Message-Level Security, the RECEIVER SHOULD provide the key information for encryption of incoming messages to the sender before the sender sends the message. R0825 An INSTANCE SHOULD provide the encryption key as part of its endpoint reference. R0826 A CONSUMER SHOULD provide the encryption key as part of the endpoint reference in the request message. R0827 When using XML Encryption as part of Message Level Security, the SENDER SHOULD use the key specified by the ogsa-bp:KeyInfoElement in the endpoint reference of the receiver.
Security – Requirements (cont) Communication of assertions Senders MAY send assertions that can be used for policy decisions, including access control decisions by receivers of SOAP messages. The assertions MUST be SAML assertions or X.509 attribute certificates, and senders and receivers MUST adhere to the Basic Security Profile 1.0 or SAML Token Profile Version 1.0 when sending assertions. R0828 When communicating SAML assertions, a SENDER MUST comply with SAML Token Profile Version 1.0. R0829 When communicating SAML assertions, a RECEIVER MUST comply with SAML Token Profile Version 1.0. R0830 When communicating X.509 attribute certificates, a SENDER MUST comply with Basic Security Profile Version 1.0. R0831 When communicating X.509 attribute certificates, a RECEIVER MUST comply with Basic Security Profile Version 1.0.
Q&A