Return-Path: Delivered-To: apmail-cxf-dev-archive@www.apache.org Received: (qmail 54591 invoked from network); 7 Feb 2011 15:50:58 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 7 Feb 2011 15:50:58 -0000 Received: (qmail 56241 invoked by uid 500); 7 Feb 2011 15:50:58 -0000 Delivered-To: apmail-cxf-dev-archive@cxf.apache.org Received: (qmail 55522 invoked by uid 500); 7 Feb 2011 15:50:54 -0000 Mailing-List: contact dev-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list dev@cxf.apache.org Received: (qmail 55507 invoked by uid 99); 7 Feb 2011 15:50:53 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 07 Feb 2011 15:50:53 +0000 X-ASF-Spam-Status: No, hits=0.7 required=5.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [64.85.173.253] (HELO server.dankulp.com) (64.85.173.253) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 07 Feb 2011 15:50:45 +0000 Received: by server.dankulp.com (Postfix, from userid 5000) id AC30F187B95; Mon, 7 Feb 2011 10:50:24 -0500 (EST) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on server.dankulp.com X-Spam-Level: X-Msg-File: /tmp/mailfilter-dev@cxf.apache.org.eKwmOUN4tq Received: from dilbert.dankulp.com (c-24-91-72-253.hsd1.ma.comcast.net [24.91.72.253]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by server.dankulp.com (Postfix) with ESMTPSA id B6A15187B93; Mon, 7 Feb 2011 10:50:23 -0500 (EST) From: Daniel Kulp To: robert@gliesian.com Subject: Re: WSDL validator tool and WS-I checks Date: Mon, 7 Feb 2011 10:49:51 -0500 User-Agent: KMail/1.13.6 (Linux/2.6.37; KDE/4.5.5; x86_64; ; ) Cc: dev@cxf.apache.org References: <20110207145542.5E5BB110934@webmail1.bravehost.com> <201102071020.04537.dkulp@apache.org> <6aa73a550321d3c46bdb6a9d494059b6@127.0.0.1> In-Reply-To: <6aa73a550321d3c46bdb6a9d494059b6@127.0.0.1> MIME-Version: 1.0 Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <201102071049.51717.dkulp@apache.org> X-Virus-Checked: Checked by ClamAV on apache.org X-Old-Spam-Status: No, score=-102.9 required=3.0 tests=ALL_TRUSTED,BAYES_00, SHORTCIRCUIT shortcircuit=ham autolearn=disabled version=3.3.1 On Monday 07 February 2011 10:39:21 am robert wrote: > My group has a requirement to validate published WSDLs for compliance > against the WS-I Basic Security Profile. >=20 > Perhaps I have misunderstood the requirement, in relationship to the > 'published' sense? Or perhaps, the requirement could be refined > further. Honestly, I have no idea what the "requirement" would be. The only place= =20 WSDL is mentioned in the WSI-SP is in section 5.4. All the checks in th= ere=20 are just pointers to the BP 1.0 and 1.1 specifications. Thus, it's really= =20 just checking the BP. Dan =20 > On Mon, 7 Feb 2011 10:20:04 -0500, Daniel Kulp >=20 > wrote: > > On Monday 07 February 2011 9:55:42 am robert wrote: > >> Consider the online help for the WSDL validator tool: > >> http://cxf.apache.org/docs/wsdlvalidator.html. > >>=20 > >> The text states that the following check is performed: "Validate the > >> WSDL document against custom validation rules, such as those defined by > >> the Web Services Interoperability (WS-I) organization (i.e. WS-I Basic > >> Profile rules)." > >>=20 > >> I have two questions in this regards, > >>=20 > >> (1) The checks target what version of WS-I Basic Profile? If it's > >> not Web Services Interoperability Organization=E2=80=99s Basic Profile= , Version > >> 1.2, could checks be added for this latest version? > >=20 > > It's WS-I Basic Profile.. It's not all the rules though. I think > > WSI-BP defines hundreds, if not thousands, of checks. We're pretty > > much checking for the common issues. If someone wants to go through > > the BP spec and write > > additional checks, that would be great. It's not a priority for > > *ME* as the > > existing checks have been fairly adequate. > >=20 > >> (2) Are there any checks performed in relationship to "Web Services > >> Interoperability Organization=E2=80=99s Basic Security Profile, Versio= n 1.1"... > >> if not, could there be? > >=20 > > Well, the WSI-security profile defines on-the-wire rules and such. > > It really > > doesn't define any rules for anything in the WSDL. What would a *WSD= L* > > validator validate with this? =2D-=20 Daniel Kulp dkulp@apache.org http://dankulp.com/blog