More thoughts on MTOM

Web Services should avoid using SOAP with Attachments (SWA) because it is incompatible with the Web Services model.  For example, SWA does not work with WS-Security, making it difficult to secure attachments or establish trust boundaries that span multiple organizations. Due to this problem, the W3C has decided to move away from SWA and adopt MTOM as the sole recommendation for attaching non-XML resources to SOAP messages.

MTOM is not a competitor to SWA – MTOM was designed to fix the issues with SWA, enabling it to work within the composable model of the Advanced Web services specifications. MTOM messages are actually valid SWA messages

Web Services receiving an MTOM attachment will need to buffer the XML portion of the message.

If the non-XML portions of the message are not in the same order as they are referenced in the XML portion additional buffering may be required.

Web Services must use the base-64 form of the non-XML attachment to calculate digests for security.

MTOM serializes non-XML data as raw octets. Octets are not the same as base-64 and must be converted to a base-64 representation prior to digest computation.

Web Services must use the base-64 form of the non-XML attachment for encryption.

MTOM serializes non-XML data as raw octets. Octets are not the same as base-64 and must be converted to a base-64 representation prior to encryption. The cipher data produced by the encryption is then serialized into octets for transmission.

Web Services should use simple base-64 encoding for attaching non-XML data until a production-quality MTOM implementation is available.

Base-64 encoding is the best way to pass non-XML data until vendors begin shipping full support for MTOM. Base-64 encoding is fully compliant with Advanced Web Services and provides a highly efficient mechanism for XML encoding. Several development platforms (such as .NET) make it relatively easy to serialize byte arrays into base-64-encoded elements – this enables non-XML data to be transferred to a web service as a byte array parameter. The code snippet below illustrates the ease with which a service can extract non-XML data from a base-64 encoded construct:

[WebMethod]
public byte[] getPicture()
{

    FileInfo inf = new FileInfo(IMAGE_FILE_PATH);
FileStream fs = new FileStream(IMAGE_FILE_PATH, FileMode.Open);
byte ret = new byte inf.Length;
fs.Read(ret, 0, (int)inf.Length);
fs.Close();
return ret;
}