Sun OpenSSO Enterprise 8.0 Developer's Guide

PAOS Binding

OpenSSO Enterprise has implemented the optional Liberty Reverse HTTP Binding for SOAP Specification. This specification defines a message exchange protocol that permits an HTTP client to be a SOAP responder. HTTP clients are no longer necessarily equipped with HTTP servers. For example, mobile terminals and personal computers contain web browsers yet they do not operate HTTP servers. These clients, though, can use their browsers to interact with an identity service, possibly a personal profile service or a calendar service. These identity services could also be beneficial when the client devices interact with an HTTP server. The use of PAOS makes it possible to exchange information between user agent-hosted services and remote servers. This is why the reverse HTTP for SOAP binding is also known as PAOS; the spelling of SOAP is reversed.

Comparison of PAOS and SOAP

In a typical SOAP binding, an HTTP client interacts with an identity service through a client request and a server response. For example, a cell phone user (client) can contact the phone service provider (service) to retrieve stock quotes and weather information. The service verifies the user’s identity and responds with the requested information.

In a reverse HTTP for SOAP binding, the phone service provider plays the client role, and the cell phone client plays the server role. The initial SOAP request from the server is actually bound to an HTTP response. The subsequent response from the client is bound to a request.

PAOS Binding API

The OpenSSO Enterprise implementation of PAOS binding includes a Java package named This package provides classes to parse a PAOS header, make a PAOS request, and receive a PAOS response.

Note –

This API is used by PAOS clients on the HTTP server side. An API for PAOS servers on the HTTP client side would be developed by the manufacturers of the HTTP client side products, for example, cell phone manufacturers.

The following table describes the available classes in For more detailed API documentation, see the Sun OpenSSO Enterprise 8.0 Java API Reference.

Table 9–10 PAOS Binding Classes




Used by a web application on the HTTP server side to parse a PAOS header in an HTTP request from the user agent side. 


Used by a web application on the HTTP server side to construct a PAOS request message and send it via an HTTP response to the user agent side. 

Note –

PAOSRequest is made available in PAOSResponse to provide correlation, if needed, by API users.


Used by a web application on the HTTP server side to receive and parse a PAOS response using an HTTP request from the user agent side. 


Represents an error occurring while processing a SOAP request and response.