What Standard Specifies how MTOM / XOP support should be indicated in a WSDL?

1.3k views Asked by At

I'm adding MTOM attachment support into existing webservice support in a Home Grown appserver. The webservice framework follows a similar pattern to JavaEE5, annotated services & objects being automatically exposed as a WebService with automatic WSDL generation.

I've got the actual parsing and generation going, but I've been unable to determine if I need to update the WSDL generation to indicate to clients that MTOM is supported and preferred. I've been finding multiple conflicting standards for how to Indicate MTOM support and I'm at a loss as to what's used in the real world.

So far I've found:

As far as I can see, the W3c one appears to be a later version of the XMLSoap one, however they seem to use a different element in a different namespace for the assertion:

I've also fond a random forum post which seems to indicate that Glassfish was using the XML Soap one. The W3C standard is a draft, but seems to have been a draft sine 2007.

Does anyone know which of these specs is generally in use? Or is it common to just ignore the WSDL when it comes to MTOM?

1

There are 1 answers

1
EdC On

Since this question has tumbleweeded here is what I decided incase anyone else stumbles across this.

It appears that the W3C Spec linked to in the original post has stagnated since it's still in draft. There is also a W3C Spec for WSDL2 which includes a specific attribute to indicate MTOM support, however WSDL2 doesn't appear to be in use in the wild.

As a result of this and the indications that it's used by Glassfish I opted for the XmlSoap spec linked to in the question. However I haven't actually found any tools or clients that actually interpret the MTOM assertion, rather the client tools I've come across ask you to explicitly indicate whether they should MTOM encode the request or not. So including this assertion appears to be a bit of a moot point.

A word of warning though, while JAX-WS doesn't appear to use the MTOM assertion it does use the PolicyAssertions for security. The presence of any PolicyAssertions means that JAX-WS ignores any explicitly specified security configuration. So specifying the MTOM assertion without also including the security assertions prevents the web-service being called if it is secured in any way. I'm uncertain if this issue also applies to other client tools.