W3C home > Mailing lists > Public > public-ws-addressing@w3.org > April 2007

RE: Policy alternatives, negation, [Non]AnonResponse assertion and the none URI

From: Ashok Malhotra <ashok.malhotra@oracle.com>
Date: Mon, 23 Apr 2007 12:48:16 -0700
To: "tom@coastin.com" <tom@coastin.com>, "Anish Karmarkar" <Anish.Karmarkar@oracle.com>
CC: "public-ws-addressing@w3.org" <public-ws-addressing@w3.org>, "ws policy" <public-ws-policy@w3.org>
Message-ID: <20070423124816043.00000004468@amalhotr-pc>

Tom, you said ...

> a missing assertion in a policy means it does not "apply"  This does not
> say negation.

The wording in the spec is the "assertion will not be applied".  I take this to mean MUST NOT be applied i.e. negation.

All the best, Ashok

> -----Original Message-----
> From: Tom Rutt [mailto:tom@coastin.com]
> Sent: Monday, April 23, 2007 12:42 PM
> To: Anish Karmarkar
> Cc: Ashok Malhotra; public-ws-addressing@w3.org; ws policy
> Subject: Re: Policy alternatives, negation, [Non]AnonResponse assertion
> and the none URI
> 
> I would like to point out that in my understanding (which is  changing
> "weekly" I must admit)
> a missing assertion in a policy means it does not "apply"  This does not
> say negation.
> 
> I am having trouble understanding the point Ashok is trying to make.
> 
> If assertions are defined as in alterntaive G (constraints over a
> general use of ws addressing) then empty does not imply
> negation, but implies the constraint does not apply.
> 
> I like alternative G, and I would suggest that we wait for the policy
> group's response to Bob's letter.
> 
> Tom R
> 
> Anish Karmarkar wrote:
> >
> > Ashok,
> >
> > So you are saying (I'm rephrasing to get clarity) that:
> > "... does not apply .." => one MUST NOT do whatever the missing
> > assertion asked one to do.
> > Right?
> > If so, the spec needs to be clarified to make it clear. This was not
> > clear to a lot of folks on WS-Addressing.
> >
> > Additionally, does this negation effect apply to only top-level
> > assertions or nested assertions as well. IOW, are nested assertions
> > part of the vocabulary.
> >
> > One not obvious (not to me) side-effect of this 'negation' is the
> > following:
> >
> > Consider the scenario where two very complicated polices are created
> > by the IT department. Let's call them P1 and P2. I'm required to use
> > P1 or P2 on services that are exposed outside the firewall. P1
> > contains an assertion A that is absent in P2. If I advertise P1 only
> > then I have to do whatever A asks me to do. If I advertise P2 only, I
> > may or may not use A (as it is not part of the vocabulary) -- it is up
> > to me. If I advertise a policy that says either of P1 or P2 and P2 is
> > selected, I cannot use A. This is very surprising (at least to me).
> > This does not follow the 'principle of least surprise'. "OR"ing
> > operation in other contexts does not introduce negation based on
> > vocabulary set. I'm curious as to the rationale for this. In any case,
> > guidance and clarification in the spec or the primer would be very
> > useful.
> >
> > -Anish
> > --
> >
> > Ashok Malhotra wrote:
> >> If you have a Policy that says Assertion A and B then you have to do
> >> A and B.  Since it says nothing about C, you may or may not do C.
> >> However, if A,B and C are all in the Policy Vocabulary (the
> >> assertions contained in the Policy) and you select an alternative
> >> from the Policy that contains only A and B, you may not do C.  Thus,
> >> it is a form of negation.
> >>
> >> All the best, Ashok
> >>
> >>> -----Original Message-----
> >>> From: Anish Karmarkar [mailto:Anish.Karmarkar@oracle.com]
> >>> Sent: Monday, April 16, 2007 2:41 PM
> >>> To: Ashok Malhotra
> >>> Cc: public-ws-addressing@w3.org; ws policy
> >>> Subject: Re: Policy alternatives, negation, [Non]AnonResponse
> assertion
> >>> and the none URI
> >>>
> >>> Ashok,
> >>>
> >>> We discussed this at the ws-addr call today and are waiting to get
> >>> clarification from ws-policy WG on the phrase "... assertion will
> >>> not be
> >>> applied ...," as to its meaning. It is not clear, to at least some
> >>> (many?) member of ws-addr wg, what it means.
> >>>
> >>> We decided to postpone a resolution on this (and related issue) till
> we
> >>> get some direction/resolution from ws-policy wg.
> >>>
> >>> -Anish
> >>> --
> >>>
> >>> Ashok Malhotra wrote:
> >>>> Here is the relevant text from the Policy Framework document:
> >>>>
> >>>> [Definition: A policy vocabulary is the set of all policy assertion
> >>> types used in a policy.] ... When an assertion whose type is part of
> >>> the
> >>> policy's vocabulary is not included in a policy alternative, the
> policy
> >>> alternative without the assertion type indicates that the assertion
> >>> will
> >>> not be applied in the context of the attached policy subject.
> >>>> All the best, Ashok
> >>>>> -----Original Message-----
> >>>>> From: public-ws-addressing-request@w3.org
> >>>>> [mailto:public-ws-addressing-
> >>>>> request@w3.org] On Behalf Of Anish Karmarkar
> >
> >>>>> Sent: Monday, April 16, 2007 9:56 AM
> >>>>> To: public-ws-addressing@w3.org
> >>>>> Subject: Policy alternatives, negation, [Non]AnonResponse
> >>>>> assertion and
> >>>>> the none URI
> >>>>>
> >>>>>
> >>>>> There is view among the WS-Policy wonks (not sure how widely
> accepted
> >>>>> this is or whether the WS-Policy specs explicitly calls this out)
> >>>>> that
> >>>>> when there are alternatives present and the selected alternative
> does
> >>>>> not contain an assertion X but another alternative does, then the
> >>> effect
> >>>>>   of such a selection consists of negation of X.
> >>>>>
> >>>>> We have two assertions AnonResponse and NonAnonResponse assertions.
> >>> Both
> >>>>> of them require that the 'none' URI be allowed for the response EPR.
> >>>>> Does that mean that negation of any of these implies 'none' must
> >>>>> not be
> >>>>> used?
> >>>>>
> >>>>> If so, that is a problem, none is useful for things like one-way
> >>>>> operations that don't use the response EPR for that MEP.
> >>>>>
> >>>>> Additionally, if one has two alternatives one with AnonResponse only
> >>> and
> >>>>> one with NonAnonResponse only, then that would be self-
> contradictory.
> >>>>>
> >>>>> -Anish
> >>>>> --
> >>>>>
> >>>>>
> >>
> >>
> >
> 
> --
> ----------------------------------------------------
> Tom Rutt	email: tom@coastin.com; trutt@us.fujitsu.com
> Tel: +1 732 801 5744          Fax: +1 732 774 5133
> 
> 
Received on Monday, 23 April 2007 19:50:12 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:35:17 GMT