Technical Summary
This document defines the "application/soap+xml" media type which can
be used to describe SOAP 1.2 messages serialized as XML 1.0.
Working Group Summary
This document is an individual submission. It is not the product of
an IETF working group. The SOAP specification is a product of the
World Wide Web Consortium.
Protocol Quality
Scott Hollenbeck has reviewed the spec for the IESG.
RFC Editor Note:
In section 3, change:
--8<--
"action": This optional parameter can be used to specify the URI that
identifies the intent of the message. In SOAP 1.2, it serves a similar
purpose as the SOAPAction HTTP header field did in SOAP 1.1. Namely,
its value identifies the intent of the message.
The value of the action parameter is an absolute URI-reference as
defined by RFC 2396 [RFC2396]. SOAP places no restrictions on the
specificity of the URI or that it is resolvable. Although the purpose
of the action parameter is to indicate the intent of the SOAP message
there is no mechanism for automatically computing the value based on
the SOAP envelope. In other words, the value has to be determined out
of band. It is recommended that the same value be used to identify sets
of message types that are logically connected in some manner, for
example part of the same "service". It is strongly RECOMMENDED that the
URI be globally unique and stable over time.
The presence and content of the action parameter MAY be used by servers
such as firewalls to appropriately filter SOAP messages and it may be
used by servers to facilitate dispatching of SOAP messages to internal
message handlers etc. It SHOULD NOT be used as an insecure form of
access authorization. Use of the action parameter is OPTIONAL. SOAP
Receivers MAY use it as a hint to optimize processing, but SHOULD NOT
require its presence in order to operate.
-->8--
to
--8<--
"action": This optional parameter can be used to specify the URI that
identifies the intent of the message. In SOAP 1.2, it serves a similar
purpose as the SOAPAction HTTP header field did in SOAP 1.1. Namely,
its value identifies the intent of the message.
The value of the action parameter is an absolute URI-reference as
defined by RFC 2396 [RFC2396], which MUST be non-empty. SOAP places no
restrictions on the specificity of the URI or that it is resolvable.
Although the purpose of the action parameter is to indicate the intent
of the SOAP message there is no mechanism for automatically computing
the value based on the SOAP envelope. In other words, the value has to
be determined out of band. It is recommended that the same value be
used to identify sets of message types that are logically connected in
some manner, for example part of the same "service". It is strongly
RECOMMENDED that the URI be globally unique and stable over time.
Use of the action parameter is OPTIONAL. SOAP Receivers MAY use it as a
hint to optimize processing, but SHOULD NOT require its presence in
order to operate.
-->8--
Add the following to the end of the Security Considerations section
of the registration template found in section 3:
--8<--
The action parameter is not a security mechanism, and SHOULD NOT be
used for authentication. If the action parameter is used to make
decisions (e.g., dispatch, filtering), it is RECOMMENDED that the basis
for such decisions should be confirmed by examining the SOAP Envelope.
-->8--