ࡱ > 9 bjbj
z h h a ) ) ) ) ) $ )) )) )) P y) %, )) , - V o; d ; ; ; = I +M * , , , , , , $ י y 8 P ) qT = = qT qT P ) ) ; ; 4 e ` ` ` qT ) ; ) ; * ` qT * ` ` B @ ; ^$ )) T 6 { 0 2 [ l 8 ) " N : 9P ` Q Q N N N P P [^ N N N qT qT qT qT N N N N N N N N N ' :
Web Services Coordination (WS-Coordination) Version 1.2
Committee Specification 01
2 October 2008
Specification URIs:
This Version:
HYPERLINK "http://docs.oasis-open.org/ws-tx/wstx-wscoor-1.2-spec-cs-01/wstx-wscoor-1.2-spec-cs-01.html" http://docs.oasis-open.org/ws-tx/wstx-wscoor-1.2-spec-cs-01/wstx-wscoor-1.2-spec-cs-01.html
HYPERLINK "http://docs.oasis-open.org/ws-tx/wstx-wscoor-1.2-spec-cs-01.doc" http://docs.oasis-open.org/ws-tx/wstx-wscoor-1.2-spec-cs-01.doc (Authoritative format)
HYPERLINK "http://docs.oasis-open.org/ws-tx/wstx-wscoor-1.2-spec-cs-01.pdf" http://docs.oasis-open.org/ws-tx/wstx-wscoor-1.2-spec-cs-01.pdf
Previous Version:
HYPERLINK "http://docs.oasis-open.org/ws-tx/wstx-wscoor-1.2-spec-cd-02/wstx-wscoor-1.2-spec-cd-02.html" http://docs.oasis-open.org/ws-tx/wstx-wscoor-1.2-spec-cd-02/wstx-wscoor-1.2-spec-cd-02.html
HYPERLINK "http://docs.oasis-open.org/ws-tx/wstx-wscoor-1.2-spec-cd-02.doc" http://docs.oasis-open.org/ws-tx/wstx-wscoor-1.2-spec-cd-02.doc (Authoritative format)
HYPERLINK "http://docs.oasis-open.org/ws-tx/wstx-wscoor-1.2-spec-cd-02.pdf" http://docs.oasis-open.org/ws-tx/wstx-wscoor-1.2-spec-cd-02.pdf
Latest Approved Version:
HYPERLINK "http://docs.oasis-open.org/ws-tx/wstx-wscoor-1.2-spec.html" http://docs.oasis-open.org/ws-tx/wstx-wscoor-1.2-spec.html
HYPERLINK "http://docs.oasis-open.org/ws-tx/wstx-wscoor-1.2-spec.doc" http://docs.oasis-open.org/ws-tx/wstx-wscoor-1.2-spec.doc
HYPERLINK "http://docs.oasis-open.org/ws-tx/wstx-wscoor-1.2-spec.pdf" http://docs.oasis-open.org/ws-tx/wstx-wscoor-1.2-spec.pdf
Technical Committee:
HYPERLINK "http://www.oasis-open.org/committees/ws-tx/" OASIS Web Services Transaction (WS-TX) TC
Chair(s):
Eric Newcomer, Iona
Ian Robinson, IBM
Editor(s):
Max Feingold, Microsoft
Ram Jeyaraman, Microsoft
Declared XML Namespaces:
HYPERLINK "http://docs.oasis-open.org/ws-tx/wscoor/2006/06" http://docs.oasis-open.org/ws-tx/wscoor/2006/06
Abstract:
The WS-Coordination specification describes an extensible framework for providing protocols that coordinate the actions of distributed applications. Such coordination protocols are used to support a number of applications, including those that need to reach consistent agreement on the outcome of distributed activities.
The framework defined in this specification enables an application service to create a context needed to propagate an activity to other services and to register for coordination protocols. The framework enables existing transaction processing, workflow, and other systems for coordination to hide their proprietary protocols and to operate in a heterogeneous environment.
Additionally this specification describes a definition of the structure of context and the requirements for propagating context between cooperating services.
Status:
This document was last revised or approved by the WS-TX TC on the above date. The level of approval is also listed above. Check the Latest Approved Version location noted above for possible later revisions of this document.
Technical Committee members should send comments on this specification to the Technical Committees email list. Others should send comments to the Technical Committee by using the Send A Comment button on the Technical Committees web page at HYPERLINK "http://www.oasis-open.org/committees/ws-tx" www.oasis-open.org/committees/ws-tx.
For information on whether any patents have been disclosed that may be essential to implementing this specification, and any offers of patent licensing terms, please refer to the Intellectual Property Rights section of the Technical Committee web page ( HYPERLINK "http://www.oasis-open.org/committees/ws-tx/ipr.php" www.oasis-open.org/committees/ws-tx/ipr.php).
The non-normative errata page for this specification is located at HYPERLINK "http://www.oasis-open.org/committees/ws-tx" www.oasis-open.org/committees/ws-tx.
Notices
Copyright OASIS Open 2008. All Rights Reserved.
All capitalized terms in the following text have the meanings assigned to them in the OASIS Intellectual Property Rights Policy (the "OASIS IPR Policy"). The full Policy may be found at the OASIS website.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published, and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this section are included on all such copies and derivative works. However, this document itself may not be modified in any way, including by removing the copyright notice or references to OASIS, except as needed for the purpose of developing any document or deliverable produced by an OASIS Technical Committee (in which case the rules applicable to copyrights, as set forth in the OASIS IPR Policy, must be followed) or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.
This document and the information contained herein is provided on an "AS IS" basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY OWNERSHIP RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
OASIS requests that any OASIS Party or any other party that believes it has patent claims that would necessarily be infringed by implementations of this OASIS Committee Specification or OASIS Standard, to notify OASIS TC Administrator and provide an indication of its willingness to grant patent licenses to such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that produced this specification.
OASIS invites any party to contact the OASIS TC Administrator if it is aware of a claim of ownership of any patent claims that would necessarily be infringed by implementations of this specification by a patent holder that is not willing to provide a license to such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that produced this specification. OASIS may include such claims on its website, but disclaims any obligation to do so.
OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS' procedures with respect to rights in any document or deliverable produced by an OASIS Technical Committee can be found on the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this OASIS Committee Specification or OASIS Standard, can be obtained from the OASIS TC Administrator. OASIS makes no representation that any information or list of intellectual property rights will at any time be complete, or that any claims in such list are, in fact, Essential Claims.
Table of Contents
TOC \o "1-3" \h \z \u HYPERLINK \l "_Toc199241402" 1 Introduction PAGEREF _Toc199241402 \h 5
HYPERLINK \l "_Toc199241403" 1.1 Model PAGEREF _Toc199241403 \h 5
HYPERLINK \l "_Toc199241404" 1.2 Composable Architecture PAGEREF _Toc199241404 \h 6
HYPERLINK \l "_Toc199241405" 1.3 Extensibility PAGEREF _Toc199241405 \h 6
HYPERLINK \l "_Toc199241406" 1.4 Terminology PAGEREF _Toc199241406 \h 6
HYPERLINK \l "_Toc199241407" 1.5 Namespace PAGEREF _Toc199241407 \h 7
HYPERLINK \l "_Toc199241408" 1.5.1 Prefix Namespace PAGEREF _Toc199241408 \h 7
HYPERLINK \l "_Toc199241409" 1.6 XSD and WSDL Files PAGEREF _Toc199241409 \h 7
HYPERLINK \l "_Toc199241410" 1.7 Coordination Protocol Elements PAGEREF _Toc199241410 \h 7
HYPERLINK \l "_Toc199241411" 1.8 Conformance PAGEREF _Toc199241411 \h 7
HYPERLINK \l "_Toc199241412" 1.9 Normative References PAGEREF _Toc199241412 \h 7
HYPERLINK \l "_Toc199241416" 1.10 Non-normative References PAGEREF _Toc199241416 \h 8
HYPERLINK \l "_Toc199241417" 2 Coordination Context PAGEREF _Toc199241417 \h 9
HYPERLINK \l "_Toc199241418" 3 Coordination Service PAGEREF _Toc199241418 \h 10
HYPERLINK \l "_Toc199241419" 3.1 Activation Service PAGEREF _Toc199241419 \h 11
HYPERLINK \l "_Toc199241420" 3.1.1 CreateCoordinationContext PAGEREF _Toc199241420 \h 11
HYPERLINK \l "_Toc199241421" 3.1.2 CreateCoordinationContextResponse PAGEREF _Toc199241421 \h 12
HYPERLINK \l "_Toc199241422" 3.2 Registration Service PAGEREF _Toc199241422 \h 13
HYPERLINK \l "_Toc199241423" 3.2.1 Register Message PAGEREF _Toc199241423 \h 14
HYPERLINK \l "_Toc199241424" 3.2.2 RegistrationResponse Message PAGEREF _Toc199241424 \h 15
HYPERLINK \l "_Toc199241425" 4 Coordination Faults PAGEREF _Toc199241425 \h 16
HYPERLINK \l "_Toc199241426" 4.1 Invalid State PAGEREF _Toc199241426 \h 17
HYPERLINK \l "_Toc199241427" 4.2 Invalid Protocol PAGEREF _Toc199241427 \h 17
HYPERLINK \l "_Toc199241428" 4.3 Invalid Parameters PAGEREF _Toc199241428 \h 17
HYPERLINK \l "_Toc199241429" 4.4 Cannot Create Context PAGEREF _Toc199241429 \h 17
HYPERLINK \l "_Toc199241430" 4.5 Cannot Register Participant PAGEREF _Toc199241430 \h 17
HYPERLINK \l "_Toc199241431" 5 Security Model PAGEREF _Toc199241431 \h 19
HYPERLINK \l "_Toc199241432" 5.1 CoordinationContext Creation PAGEREF _Toc199241432 \h 20
HYPERLINK \l "_Toc199241433" 5.2 Registration Rights Delegation PAGEREF _Toc199241433 \h 20
HYPERLINK \l "_Toc199241434" 6 Security Considerations PAGEREF _Toc199241434 \h 22
HYPERLINK \l "_Toc199241435" 7 Use of WS-Addressing Headers PAGEREF _Toc199241435 \h 24
HYPERLINK \l "_Toc199241436" 8 Glossary PAGEREF _Toc199241436 \h 25
HYPERLINK \l "_Toc199241437" Appendix A. Acknowledgements PAGEREF _Toc199241437 \h 26
Introduction
The current set of Web service specifications (SOAP HYPERLINK \l "SOAP11" REF SOAP11 \h \* MERGEFORMAT [SOAP 1.1] HYPERLINK \l "SOAP12" REF SOAP12 \h [SOAP 1.2] and WSDL HYPERLINK \l "WSDL" REF WSDL \h [WSDL]) defines protocols for Web service interoperability. Web services increasingly tie together a large number of participants forming large distributed computational units we refer to these computation units as activities.
The resulting activities are often complex in structure, with complex relationships between their participants. The execution of such activities often takes a long time to complete due to business latencies and user interactions.
This specification defines an extensible framework for coordinating activities using a coordinator and set of coordination protocols. This framework enables participants to reach consistent agreement on the outcome of distributed activities. The coordination protocols that can be defined in this framework can accommodate a wide variety of activities, including protocols for simple short-lived operations and protocols for complex long-lived business activities. For example, WS-AtomicTransaction HYPERLINK \l "WSAT" REF WSAT \h [WSAT] and WS-BusinessActivity HYPERLINK \l "WSBA" [WSBA] specifications use and build upon this specification.
Note that the use of the coordination framework is not restricted to transaction processing systems; a wide variety of protocols can be defined for distributed applications.
Model
This specification describes a framework for a coordination service (or coordinator) which consists of these component services:
An Activation service with an operation that enables an application to create a coordination instance or context.
A Registration service with an operation that enables an application to register for coordination protocols.
A coordination type-specific set of coordination protocols.
This is illustrated below in Figure 1.
INCLUDEPICTURE "D:\\..\\..\\..\\..\\..\\..\\..\\..\\Documents and Settings\\elliotr\\Local Settings\\Temporary Internet Files\\OLK13EE\\images\\WS-Coordination Fig1.gif" \* MERGEFORMAT
Applications use the Activation service to create the coordination context for an activity. Once a coordination context is acquired by an application, it is then sent by whatever appropriate means to another application.
The context contains the necessary information to register into the activity specifying the coordination behavior that the application will follow.
Additionally, an application that receives a coordination context may use the Registration service of the original application or may use one that is specified by an interposing, trusted coordinator. In this manner an arbitrary collection of Web services may coordinate their joint operation.
Composable Architecture
By using the XML HYPERLINK \l "XML" [XML], SOAP HYPERLINK \l "SOAP11" [SOAP 1.1] HYPERLINK \l "SOAP12" REF SOAP12 \h [SOAP 1.2] and WSDL HYPERLINK \l "WSDL" REF WSDL \h [WSDL] extensibility model, SOAP-based and WSDL-based specifications are designed to be composed with each other to define a rich Web services environment. As such, WS-Coordination by itself does not define all the features required for a complete solution. WS-Coordination is a building block that is used in conjunction with other specifications and application-specific protocols to accommodate a wide variety of protocols related to the operation of distributed Web services.
The Web service protocols defined in this specification should be used when interoperability is needed across vendor implementations, trust domains, etc. Thus, the Web service protocols defined in this specification can be combined with proprietary protocols within the same application.
Extensibility
The specification provides for extensibility and flexibility along two dimensions. The framework allows for:
The publication of new coordination protocols.
The selection of a protocol from a coordination type and the definition of extension elements that can be added to protocols and message flows.
Extension elements can be used to exchange application-specific data on top of message flows already defined in this specification. This addresses the need to exchange such data as transaction isolation levels or other information related to business-level coordination protocols. The data can be logged for auditing purposes, or evaluated to ensure that a decision meets certain business-specific constraints.
To understand the syntax used in this specification, the reader should be familiar with the WSDL HYPERLINK \l "WSDL" REF WSDL \h [WSDL] specification, including its HTTP and SOAP binding styles. All WSDL port type definitions provided here assume the existence of corresponding SOAP and HTTP bindings.
Terms introduced in this specification are explained in the body of the specification and summarized in the glossary.
Terminology
The uppercase key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL in this document are to be interpreted as described in HYPERLINK \l "RFC2119" [RFC2119].
This specification uses an informal syntax to describe the XML grammar of the XML fragments below:
The syntax appears as an XML instance, but the values indicate the data types instead of values.
Element names ending in "..." (such as or ) indicate that elements/attributes irrelevant to the context are being omitted.
Attributed names ending in "..." (such as name=...) indicate that the values are specified below.
Grammar in bold has not been introduced earlier in the document, or is of particular interest in an example.
is a placeholder for elements from some "other" namespace (like ##other in XSD).
Characters are appended to elements, attributes, and as follows: "?" (0 or 1), "*" (0 or more), "+" (1 or more). The characters "[" and "]" are used to indicate that contained items are to be treated as a group with respect to the "?", "*", or "+" characters.
The XML namespace prefixes (defined below) are used to indicate the namespace of the element being defined.
Examples starting with
. . .
http://Fabrikam123.com/SS/1234
3000
http://docs.oasis-open.org/ws-tx/wsat/2006/06
http://Business456.com/mycoordinationservice/registration
...
...
RepeatableRead
. . .
. . .
When an application propagates an activity using a coordination service, applications MUST include a CoordinationContext in the message.
When a context is exchanged as a SOAP header, the mustUnderstand attribute MUST be present and its value MUST be true.
Coordination Service
The Coordination service (or coordinator) is an aggregation of the following services:
Activation service: Defines a CreateCoordinationContext operation that allows a CoordinationContext to be created. The exact semantics are defined in the specification that defines the coordination type. The Coordination service MAY support the Activation service.
Registration service: Defines a Register operation that allows a Web service to register to participate in a coordination protocol. The Coordination service MUST support the Registration service.
A set of coordination protocol services for each supported coordination type. These are defined in the specification that defines the coordination type.
Figure 2 illustrates an example of how two application services (App1 and App2) with their own coordinators (CoordinatorA and CoordinatorB) interact as the activity propagates between them. The protocol Y and services Ya and Yb are specific to a coordination type, which are not defined in this specification.
App1 sends a CreateCoordinationContext for coordination type Q, getting back a Context Ca that contains the activity identifier A1, the coordination type Q and an Endpoint Reference to CoordinatorA's Registration service RSa.
App1 then sends an application message to App2 containing the Context Ca.
App2 prefers to use CoordinatorB instead of CoordinatorA, so it uses CreateCoordinationContext with Ca as an input to interpose CoordinatorB. CoordinatorB creates its own CoordinationContext Cb that contains the same activity identifier and coordination type as Ca but with its own Registration service RSb.
App2 determines the coordination protocols supported by the coordination type Q and then Registers for a coordination protocol Y at CoordinatorB, exchanging Endpoint References for App2 and the protocol service Yb. This forms a logical connection between these Endpoint References that the protocol Y can use.
This registration causes CoordinatorB to decide to immediately forward the registration onto CoordinatorA's Registration service RSa, exchanging Endpoint References for Yb and the protocol service Ya. This forms a logical connection between these Endpoint References that the protocol Y can use.
Figure 2: Two applications with their own coordinators
INCLUDEPICTURE "D:\\..\\..\\..\\..\\..\\..\\..\\..\\Documents and Settings\\elliotr\\Local Settings\\Temporary Internet Files\\OLK13EE\\images\\WS-Coordination Fig2.gif" \* MERGEFORMAT
It should be noted that in this example several actions are taken that are not required by this specification, but which may be defined by the coordination type specification or are implementation or configuration choices. Specifications of coordination types and coordination protocols that need to constrain the sub-coordination behavior of implementations SHOULD state these requirements in their specification.
Activation Service
The Activation service creates a new activity and returns its coordination context.
An application sends:
CreateCoordinationContext
The structure and semantics of this message are defined in HYPERLINK \l "_CreateCoordinationContext" Section 3.1.1.
The activation service returns:
CreateCoordinationContextResponse
The structure and semantics of this message is defined in HYPERLINK \l "_CreateCoordinationContextResponse" Section 3.1.2
CreateCoordinationContext
This request is used to create a coordination context that supports a coordination type (i.e., a service that provides a set of coordination protocols). This command is required when using a network-accessible Activation service in heterogeneous environments that span vendor implementations. To fully understand the semantics of this operation it is necessary to read the specification where the coordination type is defined (e.g. WS-AtomicTransaction).
The following pseudo schema defines this element:
... ? ... ? ...
...
Expires is an optional element which represents the remaining expiration for the CoordinationContext as an unsigned integer in milliseconds to be measured from the point at which the context was first received.
/CreateCoordinationContext/CoordinationType
This provides the unique identifier for the desired coordination type for the activity (e.g., a URI to the Atomic Transaction coordination type).
/CreateCoordinationContext/Expires
Optional. The expiration for the returned CoordinationContext expressed as an unsigned integer in milliseconds.
/CreateCoordinationContext/CurrentContext
Optional. If absent, the Activation Service creates a coordination context representing a new, independent activity. If present, the Activation Service creates a coordination context representing a new activity which is related to the existing activity identified by the current coordination context contained in this element. Some examples of potential uses of this type of relationship include interposed subordinate coordination, protocol bridging and coordinator replication.
/CreateCoordinationContext /{any}
Extensibility elements may be used to convey additional information.
/CreateCoordinationContext /@{any}
Extensibility attributes may be used to convey additional information.
A CreateCoordinationContext message can be as simple as the following example.
http://docs.oasis-open.org/ws-tx/wsat/2006/06
CreateCoordinationContextResponse
This returns the CoordinationContext that was created.
The following pseudo schema defines this element:
...
...
/CreateCoordinationContext/CoordinationContext
This is the created coordination context.
/CreateCoordinationContext /{any}
Extensibility elements may be used to convey additional information.
/CreateCoordinationContext /@{any}
Extensibility attributes may be used to convey additional information.
The following example illustrates a response:
http://Business456.com/tm/context1234
http://docs.oasis-open.org/ws-tx/wsat/2006/06
http://Business456.com/tm/registration
1234
Registration Service
Once an application has a coordination context from its chosen coordinator, it can register for the activity. The interface provided to an application registering for an activity and for an interposed coordinator registering for an activity is the same.
The requester sends:
Register
The syntax and semantics of this message are defined in HYPERLINK \l "_Register_Message" Section 3.2.1.
The coordinator's registration service responds with:
Registration Response
The syntax and semantics of this message are defined in HYPERLINK \l "_RegistrationResponse_Message" Section 3.2.2.
Figure 3: The usage of Endpoint References during registration
INCLUDEPICTURE "D:\\..\\..\\..\\..\\..\\..\\..\\..\\Documents and Settings\\elliotr\\Local Settings\\Temporary Internet Files\\OLK13EE\\images\\WS-Coordination Fig3.gif" \* MERGEFORMAT
In Figure 3, the coordinator provides the Registration Endpoint Reference in the CoordinationContext during the CreateCoordinationContext operation. The requesting service receives the Registration service Endpoint Reference in the CoordinationContext in an application message.
1.) The Register message targets this Endpoint Reference and includes the participant protocol service Endpoint Reference as a parameter.
2.) The RegisterResponse includes the coordinator's protocol service Endpoint Reference.
3. & 4.) At this point, both sides have the Endpoint References of the other's protocol service, so the protocol messages can target the other side.
These Endpoint References may contain (opaque) wsa:ReferenceParameters to fully qualify the target protocol service endpoint. Endpoint References MUST be interpreted according to the rules defined in WS-Addressing 1.0 Core HYPERLINK \l "WSADDR" [WSADDR].
A Registration service is not required to detect duplicate Register requests and MAY treat each Register message as a request to register a distinct participant.
A participant MAY send multiple Register requests to a Registration service. For example, it may retry a Register request following a lost RegisterResponse, or it may fail and restart after registering successfully but before performing any recoverable work.
If a participant sends multiple Register requests for the same activity, the participant MUST be prepared to correctly handle duplicate protocol messages from the coordinator. One simple strategy for accomplishing this is for the participant to generate a unique reference parameter for each participant Endpoint Reference that it provides in a Register request. The manner in which the participant handles duplicate protocol messages depends on the specific coordination type and coordination protocol.
Register Message
The Register request is used to do the following:
Participant selection and registration in a particular Coordination protocol under the current coordination type supported by the Coordination Service.
Exchange Endpoint References. Each side of the coordination protocol (participant and coordinator) supplies an Endpoint Reference.
Participants MAY register for multiple Coordination protocols by issuing multiple Register operations. WS-Coordination assumes that transport protocols provide for message batching if required.
The following pseudo schema defines this element:
...
... ...
/Register/ProtocolIdentifier
This URI provides the identifier of the coordination protocol selected for registration.
/Register/ParticipantProtocolService
The Endpoint Reference that the registering participant wants the coordinator to use for the Coordination protocol (See WS-Addressing HYPERLINK \l "WSADDR" REF WSADDR \h [WSADDR]).
/Register/{any}
Extensibility elements may be used to convey additional information.
/ Register/@{any}
Extensibility attributes may be used to convey additional information.
The following is an example registration message:
http://docs.oasis-open.org/ws-tx/wsat/2006/06/Volatile2PC
http://Adventure456.com/participant2PCservice
AlphaBetaGamma
RegistrationResponse Message
The response to the registration message contains the coordinators Endpoint Reference.
The following pseudo schema defines this element:
... ...
/RegisterResponse/CoordinatorProtocolService
The Endpoint Reference that the Coordination service wants the registered participant to use for the Coordination protocol.
/RegisterResponse/{any}
Extensibility elements may be used to convey additional information.
/RegisterResponse /@{any}
Extensibility attributes may be used to convey additional information.
The following is an example of a RegisterResponse message:
http://Business456.com/mycoordinationservice/coordinator
%%F03CA2B%%
.
Coordination Faults
WS-Coordination faults MUST include as the [action] property the following fault action URI:
http://docs.oasis-open.org/ws-tx/wscoor/2006/06/fault
The protocol faults defined in this section are generated if the condition stated in the preamble is met. When used by a specification that references this specification, these faults are targeted at a destination endpoint according to the protocol fault handling rules defined for that specification.
The definitions of faults in this section use the following properties:
[Code] The fault code.
[Subcode] The fault subcode.
[Reason] A human readable explanation of the fault.
[Detail] The detail element. If absent, no detail element is defined for the fault.
For SOAP 1.2 HYPERLINK \l "SOAP12" [SOAP 1.2], the [Code] property MUST be either "Sender" or "Receiver". These properties are serialized into text XML as follows:
SOAP VersionSenderReceiverSOAP 1.2S12:SenderS12:Receiver
The properties above bind to a SOAP 1.2 HYPERLINK \l "SOAP12" [SOAP 1.2] fault as follows:
http://docs.oasis-open.org/ws-tx/wscoor/2006/06/fault
[Code]
[Subcode]
[Reason]
[Detail]
...
The properties bind to a SOAP 1.1 HYPERLINK \l "SOAP11" [SOAP 1.1] fault as follows:
[Subcode]
[Reason]
Invalid State
This fault is sent by either the coordinator or a participant to indicate that the endpoint that generated the fault has received a message that is not valid for its current state. This is an unrecoverable condition.
Properties:
[Code] Sender
[Subcode] wscoor:InvalidState
[Reason] The message was invalid for the current state of the activity.
[Detail] unspecified
Invalid Protocol
This fault is sent by either the coordinator or a participant to indicate that the endpoint that generated the fault received a message which is invalid for the protocols supported by the endpoint. This is an unrecoverable condition.
Properties:
[Code] Sender
[Subcode] wscoor:InvalidProtocol
[Reason] The protocol is invalid or is not supported by the coordinator.
Invalid Parameters
This fault is sent by either the coordinator or a participant to indicate that the endpoint that generated the fault received invalid parameters on or within a message. This is an unrecoverable condition.
Properties:
[Code] Sender
[Subcode] wscoor:InvalidParameters
[Reason] The message contained invalid parameters and could not be processed.
Cannot Create Context
This fault is sent by the Activation Service to the sender of a CreateCoordinationContext to indicate that a context could not be created.
Properties:
[Code] Sender
[Subcode] wscoor:CannotCreateContext
[Reason] CoordinationContext could not be created.
[Detail] unspecified
Cannot Register Participant
This fault is sent by the Registration Service to the sender of a Register to indicate that the Participant could not be registered.
Properties:
[Code] Sender
[Subcode] wscoor:CannotRegisterParticipant
[Reason] Participant could not be registered.
[Detail] unspecified
Security Model
The primary goals of security with respect to WS-Coordination are to:
ensure only authorized principals can create coordination contexts
ensure only authorized principals can register with an activity
ensure only legitimate coordination contexts are used to register
enable existing security infrastructures to be leveraged
allow principal authorization to be based on federated identities
These goals build on the general security requirements for integrity, confidentiality, and authentication, each of which is provided by the foundations built using the Web service security specifications such as WS-Security HYPERLINK \l "WSSec" REF WSSec \h \* MERGEFORMAT [WSSec] and WS-Trust HYPERLINK \l "WSTrust" REF WSTrust \h \* MERGEFORMAT [WSTrust].
The following figure illustrates a fairly common usage scenario:
INCLUDEPICTURE "D:\\..\\..\\..\\..\\..\\..\\..\\Documents and Settings\\Dlan\\Local Settings\\Temporary Internet Files\\OLKA1A\\coordination\\images\\WS-Coordination Fig4.gif" \* MERGEFORMAT
In the figure above, step 1 involves the creation and subsequent communication between the creator of the context and the coordinator A (root). It should be noted that this may be a private or local communication. Step 2 involves the delegation of the right to register with the activity using the information from the coordination context and subsequent application messages between two applications (and may include middleware involvement) which are participants in the activity. Step 3 involves delegation of the right to register with the activity to coordinator B (subordinate) that manages all access to the activity on behalf of the second, and possibly other parties. Again note that this may also be a private or local communication. Step 4 involves registration with the coordinator A by the coordinator B and proof that registration rights were delegated.
It should be noted that many different coordination topologies may exist which may leverage different security technologies, infrastructures, and token formats. Consequently an appropriate security model must allow for different topologies, usage scenarios, delegation requirements, and security configurations.
To achieve these goals, the security model for WS-Coordination leverages the infrastructure provided by WS-Security HYPERLINK \l "WSSec" REF WSSec \h \* MERGEFORMAT [WSSec], WS-Trust HYPERLINK \l "WSTrust" REF WSTrust \h \* MERGEFORMAT [WSTrust], WS-Policy HYPERLINK \l "WSPOLICY" REF WSPOLICY \h \* MERGEFORMAT [WSPOLICY], and WS-SecureConversation HYPERLINK \l "WSSecConv" REF WSSecConv \h \* MERGEFORMAT [WSSecConv]: Services have policies specifying their requirements and requestors provide claims (either implicit or explicit) and the requisite proof of those claims.
There are a number of different mechanisms which can be used to affect the previously identified goals. However, this specification RECOMMENDS a simple mechanism, which is described here, for use in interoperability scenarios.
CoordinationContext Creation
When a coordination context is created (step 1 above) the message is secured using the mechanisms described in WS-Security. If the required claims are proven, as described by WS-Policy HYPERLINK \l "WSPOLICY" REF WSPOLICY \h \* MERGEFORMAT [WSPOLICY], then the coordination context is created.
A set of claims, bound to the identity of the coordination contexts creator, and maintained by the coordinator, are associated with the creation of the coordination context. The creator of the context MUST obtain these claims from the coordinator. Before responding with the claims, the coordinator requires proof of the requestors identity.
Additionally, the coordinator provides a shared secret which is used to indicate authorization to register with the coordination context by other parties. The secret is communicated using a security token and a element inside a header. The security token and hence the secret is scoped to a particular coordination context using the textual value of a element in a element in the using the mechanisms described in WS-Trust HYPERLINK \l "WSTrust" REF WSTrust \h \* MERGEFORMAT [WSTrust]. This secret may be delegated to other parties as described in the next section.
Registration Rights Delegation
Secret delegation is performed by propagation of the security token that was created by the root Coordinator. This involves using the header containing a element. The entire header SHOULD be encrypted for the new participant.
The participants can then use the shared secret using WS-Security by providing a signature based on the key/secret to authenticate and authorize the right to register with the activity that created the coordination context.
The figure below illustrates this simple key delegation model:
INCLUDEPICTURE "D:\\..\\..\\..\\..\\..\\..\\..\\Documents and Settings\\Dlan\\Local Settings\\Temporary Internet Files\\OLKA1A\\coordination\\images\\WS-Coordination Fig5.gif" \* MERGEFORMAT
As illustrated in the figure above, the coordinator A, root in this case, (or its delegate) creates a security context token (cordID) representing the right to register and returns (using the mechanisms defined in WS-Trust HYPERLINK \l "WSTrust" REF WSTrust \h \* MERGEFORMAT [WSTrust]) that token to Application 1 (or its delegate) (defined in WS-SecureConversation HYPERLINK \l "WSSecConv" REF WSSecConv \h \* MERGEFORMAT [WSSecConv]) and a session key (Sk) encrypted for Application 1 inside of a proof token. This key allows Application 1 (or its delegate) to prove it is authorized to use the SCT. Application 1 (or its delegate) decrypts the session key (Sk) and encrypts it for Application 2 its delegate. Application 2 (or its delegate) performs the same act encrypting the key for the subordinate. Finally, coordinator B, subordinate in this case, proves its right to the SCT by including a signature using Sk.
It is RECOMMENDED by this specification that the key/secret never actually be used to secure a message. Instead, keys derived from this secret SHOULD be used to secure a message, as described in WS-SecureConversation HYPERLINK \l "WSSecConv" REF WSSecConv \h \* MERGEFORMAT [WSSecConv]. This technique is used to maximize the strength of the key/secret as illustrated in the figure below:
INCLUDEPICTURE "D:\\..\\..\\..\\..\\..\\..\\..\\Documents and Settings\\Dlan\\Local Settings\\Temporary Internet Files\\OLKA1A\\coordination\\images\\WS-Coordination Fig6.gif" \* MERGEFORMAT
Security Considerations
It is strongly RECOMMENDED that the communication between services be secured using the mechanisms described in WS-Security HYPERLINK \l "WSSec" REF WSSec \h \* MERGEFORMAT [WSSec]. In order to properly secure messages, the body and all relevant headers need to be included in the signature. Specifically, the header needs to be signed with the body and other key message headers in order to "bind" the two together. This will ensure that the coordination context is not tampered. In addition the reference parameters within an Endpoint Reference may be encrypted to ensure their privacy.
In the event that a participant communicates frequently with a coordinator, it is RECOMMENDED that a security context be established using the mechanisms described in WS-Trust HYPERLINK \l "WSTrust" REF WSTrust \h \* MERGEFORMAT [WSTrust] and WS-SecureConversation HYPERLINK \l "WSSecConv" REF WSSecConv \h \* MERGEFORMAT [WSSecConv] allowing for potentially more efficient means of authentication.
It is common for communication with coordinators to exchange multiple messages. As a result, the usage profile is such that it is susceptible to key attacks. For this reason it is strongly RECOMMENDED that the keys used to secure the channel be changed frequently. This "re-keying" can be effected a number of ways. The following list outlines four common techniques:
Attaching a nonce to each message and using it in a derived key function with the shared secret
Using a derived key sequence and switch "generations"
Closing and re-establishing a security context
Exchanging new secrets between the parties
It should be noted that the mechanisms listed above are independent of the Security Context Token (SCT) and secret returned when the coordination context is created. That is, the keys used to secure the channel may be independent of the key used to prove the right to register with the coordination context.
The security context MAY be re-established using the mechanisms described in WS-Trust HYPERLINK \l "WSTrust" REF WSTrust \h \* MERGEFORMAT [WSTrust] and WS-SecureConversation HYPERLINK \l "WSSecConv" REF WSSecConv \h \* MERGEFORMAT [WSSecConv]. Similarly, secrets MAY be exchanged using the mechanisms described in WS-Trust HYPERLINK \l "WSTrust" REF WSTrust \h \* MERGEFORMAT [WSTrust]. Note, however, that the current shared secret SHOULD NOT be used to encrypt the new shared secret. Derived keys, the preferred solution from this list, MAY be specified using the mechanisms described in WS-SecureConversation HYPERLINK \l "WSSecConv" REF WSSecConv \h \* MERGEFORMAT [WSSecConv].
The following list summarizes common classes of attacks that apply to this protocol and identifies the mechanism to prevent/mitigate the attacks:
Message alteration Alteration is prevented by including signatures of the message information using WS-Security HYPERLINK \l "WSSec" REF WSSec \h \* MERGEFORMAT [WSSec].
Message disclosure Confidentiality is preserved by encrypting sensitive data using WS-Security HYPERLINK \l "WSSec" REF WSSec \h \* MERGEFORMAT [WSSec].
Key integrity Key integrity is maintained by using the strongest algorithms possible (by comparing secured policies see WS-Policy HYPERLINK \l "WSPOLICY" REF WSPOLICY \h \* MERGEFORMAT [WSPOLICY] and WS-SecurityPolicy HYPERLINK \l "WSSecPolicy" REF WSSecPolicy \h \* MERGEFORMAT [WSSecPolicy]).
Authentication Authentication is established using the mechanisms described in WS-Security HYPERLINK \l "WSSec" REF WSSec \h \* MERGEFORMAT [WSSec] and WS-Trust HYPERLINK \l "WSTrust" REF WSTrust \h \* MERGEFORMAT [WSTrust]. Each message is authenticated using the mechanisms described in WS-Security HYPERLINK \l "WSSec" REF WSSec \h \* MERGEFORMAT [WSSec].
Accountability Accountability is a function of the type of and string of the key and algorithms being used. In many cases, a strong symmetric key provides sufficient accountability. However, in some environments, strong PKI signatures are required.
Availability Many services are subject to a variety of availability attacks. Replay is a common attack and it is RECOMMENDED that this be addressed as described in the next bullet. Other attacks, such as network-level denial of service attacks are harder to avoid and are outside the scope of this specification. That said, care should be taken to ensure that minimal processing be performed prior to any authenticating sequences.
Replay Messages may be replayed for a variety of reasons. To detect and eliminate this attack, mechanisms should be used to identify replayed messages such as the timestamp/nonce outlined in WS-Security HYPERLINK \l "WSSec" REF WSSec \h \* MERGEFORMAT [WSSec]. Alternatively, and optionally, other technologies, such as sequencing, can also be used to prevent replay of application messages.
Use of WS-Addressing Headers
The protocols defined in WS-Coordination use a request-response message exchange pattern. The messages used in these protocols can be classified into two types:
Request messages: CreateCoordinationContext and Register.
Reply messages: CreateCoordinationContextResponse and RegisterResponse and the protocol faults defined in HYPERLINK \l "_Coordination_Faults" Section 4 of this specification.
Request messages used in WS-Coordination protocols MUST be constructed in accordance with section 3.3 of WS-Addressing 1.0 Core HYPERLINK \l "WSADDR" [WSADDR].
Reply and fault messages used in WS-Coordination protocols MUST be constructed in accordance with section 3.4 of WS-Addressing 1.0 Core HYPERLINK \l "WSADDR" [WSADDR].
Request and reply messages MUST include as the [action] property an action URI that consists of the wscoor namespace URI concatenated with the "/" character and the element name of the message. For example:
http://docs.oasis-open.org/ws-tx/wscoor/2006/06/Register
Glossary
The following definitions are used throughout this specification:
Activation service: This supports a CreateCoordinationContext operation that is used by participants to create a CoordinationContext.
CoordinationContext: Contains the activity identifier, its coordination type that represents the collection of behaviors supported by the activity and a Registration service Endpoint Reference that participants can use to register for one or more of the protocols supported by that activity's coordination type.
Coordination protocol: The definition of the coordination behavior and the messages exchanged between the coordinator and a participant playing a specific role within a coordination type. WSDL definitions are provided, along with sequencing rules for the messages. The definition of coordination protocols are provided in additional specification (e.g., WS-AtomicTransaction).
Coordination type: A defined set of coordination behaviors, including how the service accepts context creations and coordination protocol registrations, and drives the coordination protocols associated with the activity.
Coordination service (or Coordinator): This service consists of an activation service, a registration service, and a set of coordination protocol services.
Participant: A service that is carrying out a computation within the activity. A participant receives the CoordinationContext and can use it to register for coordination protocols.
Registration service: This supports a Register operation that is used by participants to register for any of the coordination protocols supported by a coordination type, such as WS-AtomicTransaction HYPERLINK \l "WSAT" [WSAT] Two-Phase Commit (2PC) or WS-BusinessActivity HYPERLINK \l "WSBA" [WSBA] BusinessAgreementWithCoordinatorCompletion.
Web service: A Web service is a computational service, accessible via messages of definite, programming-language-neutral and platform-neutral format, and which has no special presumption that the results of the computation are used primarily for display by a user-agent.
Acknowledgements
This document is based on initial contribution to OASIS WS-TX Technical Committee by the
following authors: Luis Felipe Cabrera (Microsoft), George Copeland (Microsoft), Max Feingold (Microsoft) (Editor), Robert W Freund (Hitachi), Tom Freund (IBM), Jim Johnson (Microsoft), Sean Joyce (IONA), Chris Kaler (Microsoft), Johannes Klein (Microsoft), David Langworthy (Microsoft), Mark Little (Arjuna Technologies), Anthony Nadalin (IBM), Eric Newcomer (IONA), David Orchard (BEA Systems), Ian Robinson (IBM), John Shewchuk (Microsoft), Tony Storey (IBM).
The following individuals have provided invaluable input into the initial contribution: Francisco Curbera (IBM), Sanjay Dalal (BEA Systems), Doug Davis (IBM), Don Ferguson (IBM), Kirill Gavrylyuk (Microsoft), Dan House (IBM), Oisin Hurley (IONA), Frank Leymann (IBM), Thomas Mikalsen (IBM), Jagan Peri (Microsoft), Alex Somogyi (BEA Systems), Stefan Tai (IBM), Satish Thatte (Microsoft), Gary Tully (IONA), Sanjiva Weerawarana (IBM).
The following individuals were members of the committee during the development of this specification:
Participants: MACROBUTTON
Charlton Barreto, Adobe Systems, Inc.
Martin Chapman, Oracle Corporation
Kevin Conner, JBoss Inc.
Paul Cotton, Microsoft Corporation
Doug Davis, IBM
Colleen Evans, Microsoft Corporation
Max Feingold, Microsoft Corporation
Thomas Freund, IBM
Robert Freund, Hitachi, Ltd.
Peter Furniss, Choreology Ltd.
Marc Goodner, Microsoft Corporation
Alastair Green, Choreology Ltd.
Daniel House, IBM
Ram Jeyaraman, Microsoft Corporation
Paul Knight, Nortel Networks Limited
Mark Little, JBoss Inc.
Jonathan Marsh, Microsoft Corporation
Monica Martin, Sun Microsystems
Joseph Fialli, Sun Microsystems
Eric Newcomer, IONA Technologies
Eisaku Nishiyama, Hitachi, Ltd.
Alain Regnier, Ricoh Company, Ltd.
Ian Robinson, IBM
Tom Rutt, Fujitsu Limited
Andrew Wilkinson, IBM
wstx-wscoor-1.2-spec-cs-01 2 October 2008
Copyright OASIS Open 2008. All Rights Reserved. Page PAGE 1 of NUMPAGES 26
MACROBUTTON NoMacro [document identifier] MACROBUTTON NoMacro [specification date]
Copyright OASIS Open 2004.All Rights Reserved. Page PAGE 1 of NUMPAGES 26
. 6 8 9 : C D T U V W ^ _ c d v x L M N O [ zrzj h* mH sH heE mH sH h h]E 0J mH sH h]E h]E mH sH h]E mH sH j h]E UmH sH h h mH sH h mH sH hN^ h} hN^ h hn( hi] hT h]E hA h7 hJ|} h"k hJ h`0 h