Monthly Archives: December 2004

December 22, 2004

From UPS to EPR

A packaged was shipped to me through UPS. As usual, I received an email message informing me that it had shipped and giving me a URI to track its progress. This is what the URI looked like (after changing the tracking number and inserting a few line breaks):

http://wwwapps.ups.com/WebTracking
/processRequest?HTMLVersion=5.0&Requester=NES
&AgreeToTermsAndConditions=yes&loc=en_US
&tracknum=123123123123

The interesting thing to notice, is that there is a parameter in the URI, called “AgreeToTermsAndConditions” and its value is set to “yes”. If you do a GET on this URI, you will receive, as expected, the description of the status of the shipment. On the other hand, if you go to the UPS Web site armed with just the tracking number you have to check a box that reads “By selecting this box and the ‘Track’ button, I agree to these Terms and Conditions” before you can track the shipment. It seems pretty clear that the “AgreeToTermsAndConditions” parameter is in the URI in order to plug into the same Web application from the email link as from the Web page and this application was designed to check that the parameter is present and set to “yes”.

This has several similarities with some of the discussions around WS-Addressing. First, it illustrates the need to plug into an application in a place where the application might not have been designed to allow you to do so. In this case, we can imagine that the tracking application was designed with the assumption that people would only invoke it from the UPS web site. One day UPS decided it would be nice to send in email a link that takes people directly to the status of a particular shipment rather than just tell them to “go to ups.com and enter your tracking ID in the tracking form”. One important reason for pushing back on the idea of wrapping reference properties is that it would prevent such a scenario in a SOAP world. For this reason I agree that a wrapper for reference properties is a bad idea and if reference properties remain in WS-Addressing the way to fix this mechanism is to leave them as SOAP headers but add a WS-Addressing-defined SOAP header to list headers that were added to a message only because an EPR requires it, with no implication that the sender stands behind any semantic that might be attached to them.

When I write about “fixing” reference properties in the previous sentence, I am referring to the fact that the current version of WS-Addressing creates a lot of confusion as to the implications of sending SOAP headers and whether I can be held liable by anything that is in a SOAP header I send (and potentially sign). This is the second thing that this UPS URI illustrates by analogy. As a human I get a sense of what a parameter called “AgreeToTermsAndConditions” corresponds to (even though the URI doesn’t tell me what these terms and conditions are). But what if the parameter name was shortened to its acronym “ATTAC”? In any case, I am not expected to understand the composition of this URI, I should be able to treat it as opaque. Just like resource properties. And for this reason, when I do a GET on the URI I am not bound by whatever the presence of this parameter in the URI is assumed to mean by UPS. This means that I can NEVER be bound by the content of a URI I dereference because how can one prove that I understand the semantic of the URI. Even when I fill a form on a Web site, I don’t know (unless I check the HTML) how the resulting URI (assuming the form uses GET) will come out. There might well be a hidden parameter in the form.

In a SOAP world, this can be fixed by meaningful, agreed-upon, headers. If people agree that by sending (and signing) a SOAP header you are making a statement, then you can build systems that can rely on the ability to make such statements as “I understand and agree to the set of terms and conditions identified by a given QName”. But this breaks down if people are able to say “I didn’t understand I was saying this, I was just echoing what you told me to say”. This is what the current WS-Addressing spec does, and what needs to be fixed. Let’s see how the UPS URI could translate to an endpoint reference. For this, we need to consider two scenarios, both of them equally valid.

Scenario 1: legacy integration

In this scenario, the UPS people decide they do not require the invoker to actually make a statement about the terms and conditions. They just need a SOAP header called “I agree to the terms and conditions” to be set to true because this is how their application is currently programmed (it will fail if it doesn’t see it). In this case, it is perfectly reasonable to put a “I agree to terms and conditions” element as a reference property and this element will be sent as a SOAP header, preventing the application from failing. But in order for SOAP headers to be used to make a statement in some cases, there needs to be a way to expressed when, as in this scenario, the invoker is not making a statement by including it. Thus my earlier proposal of a wsa:CoverMyRearside header (that points to all the headers I include for no reason other than because an EPR asks me to). The other option, as written down by Dims is to add an attribute in each such header. But there are two main drawbacks to this approach: (1) unlike a new SOAP header, I can’t mark an attribute “mustUnderstand=true” (Dims’ initial proposal actually had a SOAP header with “mustUnderstand=true” for this very reason) and (2) some elements might not allow arbitrary attributes to be added at the top level.

Scenario 2: meaningful header

In this second scenario, the UPS people want to make sure, before they return the tracking information, that the invoker has made a statement that it understands and agrees to the terms and conditions. In this case, it makes no sense to put a “”I agree to the terms and conditions” element as a reference property as what is intended is not for such an element to be echoed blindly but to be used to make an explicit statement. In this scenario, the EPR sent by UPS would contain all the opaque elements, those sent for the benefit of the UPS application but by which the invoker is not making a statement (from the look of the URI, this would be “HTMLVersion”, “Requester”, “loc” and “tracknum”). But the “agree to terms and conditions” header would not be specified as a reference property, it would be listed in the WSDL description of the service. And when the invoker sends this header, it would not be included in the wsa:CoverMyRearside header because the invoker is indeed making a statement by sending it.

Comments Off on From UPS to EPR

Filed under Everything, Security, Standards, Tech

December 12, 2004

WSDM open house

Jamie’s email marks the start of the public review for WSDM MUWS 1.0 and WSDM MOWS 1.0. Note that when the OASIS webmaster gets around to it, the XML files will also be available at the URIs that correspond to their respective namespaces and the specifications will be available at consistent URIs (e.g. http://docs.oasis-open.org/wsdm/2004/12/muws/cd-wsdm-muws-part1-1.0.pdf for MUWS Part 1). But the links in Jamie’s email will keep working.

Comments Off on WSDM open house

Filed under Everything, Standards

December 11, 2004

Natural selection favors Tablet PC owners

When I got my Tablet PC (an HP tc1100) I was interested in the form factor, the ability to take hand-written notes and the ease of reviewing documents in cramped spaces, like an airplane seat. But I just learned that the fact that the keyboard stays cold (because the disk and the CPU are behind the LCD screen) has an additional advantage I hadn’t thought of.

Comments Off on Natural selection favors Tablet PC owners

Filed under Everything, Off-topic

December 7, 2004

WSRF/WSN overview

For those who would like a short introduction to WSRF and WSN, there is a new one on HP’s DRC site based on presentation I gave a few months ago. Thanks Chris and Kathleen for putting this up.

Comments Off on WSRF/WSN overview

Filed under Everything, Standards, Tech

December 3, 2004

Let’s try it, if all goes well it will fail

I am a bit confused about the attempt of the credit report companies to “protect the link” to the new site where one can get free credit reports (see the bottom of this article). I understand the problem of phishing and I agree that this site will be a very tempting target for phishing. The “solution” the people at annualcreditreport.com came up with is that links to their site won’t work unless the link is either on the FTC web site or one of the three credit report companies. For example, try clicking here and it should give you an error. This is presumably done by checking the “Referer” HTTP header. Yes, it’s “referer”, not “referrer”, an example of how authors of Web browsers are normatively required to make spelling mistakes, this should keep all of us spec editors on our toes (which, as a side note, happens to be literally the case for me this week because I slammed my heel on the edge of the swimming pool by doing an aggressive flip turn a bit too close to the wall during a Master’s swimming training session).

Anyway, back to the “protect the link” story. Let’s see how this would work. I have in front of me a hypertext link to their site. If I know that the site has this “protection” then why would I click on it? If it works then it’s a fake and I don’t want to use it and if it’s not a fake then it won’t work. In any case I know I’ll have to enter the URL by hand so I’ll do it right away. And if I am not aware of this behavior then I will click on the link. If it works (because the link is a fake), then I have no reason to suspect anything fishy and I’m in trouble. If it doesn’t work (because the link is real) then I’ll see that I have to enter the URL by hand and I will be out of trouble but I wasn’t in trouble to start with since the link was correct. In either of these four permutations this system doesn’t do any good.

The scary thing is that when people learn about this system, they might actually be more trustful with sites that implement something like this. But what stops a phishing site from doing the exact same thing, giving people an error message unless they type the URL by hand? Nothing. This reminds me of an email I once got from my bank to “educate” me about phishing. With “helpful” advice such as “we will never request personal information from you until after you are logged into our site using your username and password”. Hello? I give them my credentials and this supposedly authenticates them to me?

Comments Off on Let’s try it, if all goes well it will fail

Filed under Everything, Security

December 2, 2004

Just on time for the Christmas tree

I must admit I was embarrassed to link to a copy of MUWS which was (1) a Word document and (2) covered with change tracking annotations in my previous post. Kind of like having friends or neighbors drop by when your laundry is spread out on the living room floor for folding. Well, now there are better links available to clean PDF versions of WSDM MUWS Part 1 and WSDM MUWS Parts 2. Note that these are still working drafts, they haven’t been approved by the technical committee yet. But the vote is currently open (for a week) and these are the versions that the committee is expected to promote to Committee Draft. Next step, OASIS standard…

Comments Off on Just on time for the Christmas tree

Filed under Everything, Standards

December 1, 2004

That’s not an identifier. THIS is an identifier (say it with a Crocodile Dundee accent)

I already explained that I agree with Paco’s view that EPRs are not identifiers. Pankaj also provided a concrete example of why confusing references and identifiers causes problems. Paco just sent a new, better explanation of his earlier point, in the format of a formal proposal to the WS-Addressing WG. His proposal and its justification are a must read. He starts with a “what is required from an identifier” paragraph, which reads:

An identifier to be useful must allow meaningful comparison for identity or “sameness”. This requires them to overall unique and unambiguous, otherwise no meaningful comparison is possible. Moreover one could argue that to be really useful identifiers should not be reused once they’ve been made invalid.

Compare this with the specification for the ResourceId property defined in MUWS Part 1 (note: this is a link to the current working draft as a Word document, not yet a committee draft). Some highlights that match very well with Paco’s expectations for a *real* identifier:

  • Globally unique: A manageability endpoint MUST create the ResourceId URI in a way that ensures that the ResourceId is unique to the resource managed through the manageability endpoint and globally unique.
  • Uniqueness in time: A ResourceId MUST NOT be reused by the implementation of a manageability endpoint for another resource, even after the original resource no longer exists.
  • Consistency across endpoints: An implementation of a manageability endpoint SHOULD use a ResourceId that is suggested by the characteristics of a resource.

And the spec goes on to define in more details why/how implementers should ensure that difference manageability endpoints for the same resource return the same ResourceId, persistence of the ResourceId in time and how to establish “sameness” when for some reason different manageability endpoints for the same resource are unable to return the same ResourceId (correlatable properties). Go ahead and read it or wait a couple of weeks if you want to see a committee draft as a clean PDF rather than a Word document with change tracking turned on.

Comments Off on That’s not an identifier. THIS is an identifier (say it with a Crocodile Dundee accent)

Filed under Everything, Standards, Tech