W3C home > Mailing lists > Public > public-ws-policy-eds@w3.org > September 2006

2006/ws/policy ws-policy-primer.html,1.10,1.11 ws-policy-primer.xml,1.7,1.8

From: Toufic Boubez via cvs-syncmail <cvsmail@w3.org>
Date: Mon, 25 Sep 2006 04:14:05 +0000
To: public-ws-policy-eds@w3.org
Message-Id: <E1GRhr3-0001OQ-Vh@lionel-hutz.w3.org>

Update of /sources/public/2006/ws/policy
In directory hutz:/tmp/cvs-serv5195

Modified Files:
	ws-policy-primer.html ws-policy-primer.xml 
Log Message:
Correcting syntax error - TIB

Index: ws-policy-primer.html
===================================================================
RCS file: /sources/public/2006/ws/policy/ws-policy-primer.html,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- ws-policy-primer.html	19 Sep 2006 21:55:47 -0000	1.10
+++ ws-policy-primer.html	25 Sep 2006 04:14:03 -0000	1.11
@@ -72,7 +72,7 @@
         no official standing.</strong></p><p></p></div>
   <hr><div class="toc">
 <h2><a name="contents">Table of Contents</a></h2><p class="toc">1. <a href="#introduction">Introduction</a><br>2. <a href="#basic-concepts-policy-expression">Basic Concepts: Policy Expression</a><br>&nbsp;&nbsp;&nbsp;&nbsp;2.1 <a href="#web-services-policy">Web Services Policy</a><br>&nbsp;&nbsp;&nbsp;&nbsp;2.2 <a href="#simple-message">Simple Message</a><br>&nbsp;&nbsp;&nbsp;&nbsp;2.3 <a href="#secure-message">Secure Message</a><br>&nbsp;&nbsp;&nbsp;&nbsp;2.4 <a href="#other-assertions">Other Assertions</a><br>&nbsp;&nbsp;&nbsp;&nbsp;2.5 <a href="#combining-policy-assertions">Combining Policy Assertions</a><br>&nbsp;&nbsp;&nbsp;&nbsp;2.6 <a href="#optional-policy-assertion">Optional Policy Assertion</a><br>&nbsp;&nbsp;&nbsp;&nbsp;2.7 <a href="#nested-policy-expressions">Nested Policy Expressions</a><br>&nbsp;&nbsp;&nbsp;&nbsp;2.8 <a href="#Referencing_Policy_Expressions">Referencing Policy Expressions</a><br>&nbsp;&nbsp;&nbsp;&nbsp;2.9 <a href="#attaching-policy-expressions-to-wsdl">Attaching Policy Expresions to WSDL</a><br>&nbsp;&nbsp;&nbsp;&nbsp;2.10 <a href="#policy-automates-web-services-interaction">Policy Automates Web Services Interaction</a><br>3. <a href="#advanced-concepts-1-policy-expression">Advanced Concepts I: Policy Expression</a><br>&nbsp;&nbsp;&nbsp;&nbsp;3.1 <a href="#policy-expression">Policy Expression</a><br>&nbsp;&nbsp;&nbsp;&nbsp;3.2 <a href="#normal-form-for-policy-expressions">Normal Form for Policy Expressions</a><br>&nbsp;&nbsp;&nbsp;&nbsp;3.3 <a href="#policy-data-model">Policy Data Model</a><br>&nbsp;&nbsp;&nbsp;&nbsp;3.4 <a href="#compatible-policies">Compatible Policies</a><br>&nbsp;&nbsp;&nbsp;&nbsp;3.5 <a href="#attaching-policy-expressions-to-wsdl2">Attaching Policy Expressions to WSDL</a><br>&nbsp;&nbsp;&nbsp;&nbsp;3.6 <a href="#combine-policies">Combine Policies</a><br>&nbsp;&nbsp;&nbsp;&nbsp;3.7 <a href="#extensibility-and-versioning">Extensibility and Versioning</a><br>4. <a href="#advanced-concepts-2-policy-assertion-design">Advanced Concepts II: Policy Assertion Desin</a><br>&nbsp;&nbsp;&nbsp;&nbsp;4.1 <a href="#role-of-policy-assertions">Role of Policy Assertions</a><br>&nbsp;&nbsp;&nbsp;&nbsp;4.2 <a href="#parts-of-a-policy-assertion">Parts of a Policy Assertion</a><br>&nbsp;&nbsp;&nbsp;&nbsp;4.3 <a href="#when-to-design-policy-assertions">When to design policy assertions?</a><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;4.3.1 <a href="#opt-in-behavior">Opt-in behavior</a><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;4.3.2 <a href="#shared-behavior">Shared behavior</a><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;4.3.3 <a href="#visible-behavior">Visible behavior</a><br>&nbsp;&nbsp;&nbsp;&nbsp;4.4 <a href="#guidelines-for-designing-assertions">Guidelines for Designing Assertions</a><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;4.4.1 <a href="#optional-behaviors">Optional Behaviors</a><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;4.4.2 <a href="#assertion-vs-assertion-parameter">Assertion vs. assertion parameter</a><br>&nbsp;&nbsp;&nbsp;&bsp;&nbsp;&nbsp;&nbsp;&nbsp;4.4.3 <a href="#leveraging-nested-policy">Leveraging Nested Policy</a><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;4.4.4 <a href="#minimal-approach">Minimal approach</a><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;4.4.5 <a href="#QName_and_XML_Information_Set_representation">QName and XML Information Set representation</a><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;4.4.6 <a href="#Policy_subject_and_attachment_points">Policy subject and attachment points</a><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;4.4.7 <a href="#versioning-behaviors">Versioning behaviors</a><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;4.4.8 <a href="#N67888">Versioning Policy Language</a><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;4.4.8.1 <a href="#N67920">Policy Framework</a><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;4.4.8.2 <a href="#N68042">Policy Attachment</a><br>&nbsp;&nbsp;&nbsp;&nbsp;4.5 <a href="#desribing-policy-assertions">Describing Policy Assertions</a><br>5. <a href="#conclusion">Conclusion</a><br></p>
-<h3><a name="appendix" id="appendix">Appendices</a></h3><p class="toc">A. <a href="#security-considerations">Security Considerations</a><br>&nbsp;&nbsp;&nbsp;&nbsp;A.1 <a href="#information-disclosure-threats">Information Disclosure Threats</a><br>&nbsp;&nbsp;&nbsp;&nbsp;A.2 <a href="#spoofing-and-tampering-threats">Spoofing and Tampering Threats</a><br>&nbsp;&nbsp;&nbsp;&nbsp;A.3 <a href="#downgrade-threats">Downgrade Threats</a><br>&nbsp;&nbsp;&nbsp;&nbsp;A.4 <a href="#repudiation-threats">Repudiation Threats</a><br>&nbsp;&nbsp;&nbsp;&nbsp;A.5 <a href="#denial-of-service-threats">Denial of Service Threats</a><br>&nbsp;&nbsp;&nbsp;&nbsp;A.6 <a href="#general-xml-considerations">General XML Considerations</a><br>B. <a href="#xml-namespaces">XML Namespaces</a><br>C. <a href="#references">References</a><br>D. <a href="#acknowledgments">Acknowledgements</a> (Non-Normative)<br>E. <a href="#change-description">Changes in this Version of the Document</a> (Non-Normative)<br>F. <a href="#change-log">Web Services Plicy 1.5 - Primer Change Log</a> (Non-Normative)<br></p></div><hr><div class="body">
+<h3><a name="appendix" id="appendix">Appendices</a></h3><p class="toc">A. <a href="#xml-namespaces">XML Namespaces</a><br>B. <a href="#references">References</a><br>C. <a href="#acknowledgments">Acknowledgements</a> (Non-Normative)<br>D. <a href="#change-description">Changes in this Version of the Document</a> (Non-Normative)<br>E. <a href="#change-log">Web Services Policy 1.5 - Primer Change Log</a> (Non-Normative)<br></p></div><hr><div class="body">
     <div class="div1">
       
 <h2><a name="introduction"></a>1. Introduction</h2>
@@ -113,7 +113,7 @@
         policy assertions, outlines guidelines for designing policy assertions and enumerates the
         minimum requirements for describing policy assertions in specifications.</p>
       <p>This is a non-normative document and does not provide a definitive specification of the Web
-        Services Policy language. <a href="#xml-namespaces"><b>B. XML Namespaces</b></a> lists all the that are used in
+        Services Policy language. <a href="#xml-namespaces"><b>A. XML Namespaces</b></a> lists all the that are used in
         this document. (XML elements without a namespace prefix are from the Web Services Policy XML
         Namespace.)</p>
     </div>
@@ -179,7 +179,7 @@
         <p>This message uses message addressing headers. The <code>wsa:To</code>
           and<code>wsa:Action</code> header blocks identify the destination and the semantics
           implied by this message respectively. (The prefix <code>wsa</code> is used here to denote
-          the Web Services Addressing XML Namespace. <a href="#xml-namespaces"><b>B. XML Namespaces</b></a> lists all the
+          the Web Services Addressing XML Namespace. <a href="#xml-namespaces"><b>A. XML Namespaces</b></a> lists all the
           and prefixes that are used in this document.)</p>
         <p>Let us look at a fictitious scenario used in this document to illustrate the features of
           the policy language. Tony is a Web service developer. He is building a client application
@@ -1857,115 +1857,11 @@
   <div class="back">
     <div class="div1">
       
-<h2><a name="security-considerations"></a>A. Security Considerations</h2>
-      <p>This appendix describes the security considerations that service providers, requestors,
-        policy authors, policy assertion authors, and policy implementers need to consider when
-        exposing, consuming and designing policy expressions, authoring policy assertions or
-        implementing policy.</p>
-      <div class="div2">
-        
-<h3><a name="information-disclosure-threats"></a>A.1 Information Disclosure Threats</h3>
-        <p>A policy is used to represent the capabilities and requirements of a Web Service.
-          Policies may include sensitive information. Malicious consumers may acquire sensitive
-          information, fingerprint the service and infer service vulnerabilities. These threats can
-          be mitigated by requiring authentication for sensitive information, by omitting sensitive
-          information from the policy or by securing access to the policy. For securing access to
-          policy metadata, policy providers can use mechanisms from other Web Services
-          specifications such as WS-Security and WS-MetadataExchange.</p>
-      </div>
-      <div class="div2">
-        
-<h3><a name="spoofing-and-tampering-threats"></a>A.2 Spoofing and Tampering Threats</h3>
-        <p>If a policy expression is unsigned it could be easily tampered with or replaced. To
-          prevent tampering or spoofing of policy, requestors should discard a policy unless it is
-          signed by the provider and presented with sufficient credentials. Requestors should also
-          check that the signer is actually authorized to express policies for the given policy
-          subject.</p>
-      </div>
-      <div class="div2">
-        
-<h3><a name="downgrade-threats"></a>A.3 Downgrade Threats</h3>
-        <p>A policy may offer several alternatives that vary from weak to strong set of
-          requirements. An adversary may interfere and remove all the alternatives except the
-          weakest one (say no security requirements). Or, an adversary may interfere and discard
-          this policy and insert a weaker policy previously issued by the same provider. Policy
-          authors or providers can mitigate these threats by sun-setting older or weaker policy
-          alternatives. Requestors can mitigate these threats by discarding policies unless they are
-          signed by the provider.</p>
-      </div>
-      <div class="div2">
-        
-<h3><a name="repudiation-threats"></a>A.4 Repudiation Threats</h3>
-        <p>Malicious providers may include policy assertions in its policy whose behavior cannot be
-          verified by examining the wire message from the provider to requestor. In general,
-          requestors have no guarantee that a provider will behave as described in the provider&rsquo;s
-          policy expression. The provider may not and perform a malicious activity. For example, say
-          the policy assertion is privacy notice information and the provider violates the semantics
-          by disclosing private information. Requestors can mitigate this threat by discarding
-          policy alternatives which include assertions whose behavior cannot be verified by
-          examining the wire message from the provider to requestor. Assertion authors can mitigate
-          this threat by not designing assertions whose behavior cannot be verified using wire
-          messages.</p>
-      </div>
-      <div class="div2">
-        
-<h3><a name="denial-of-service-threats"></a>A.5 Denial of Service Threats</h3>
-        <p>Malicious providers may provide a policy expression with a large number of alternatives,
-          a large number of assertions in alternatives, deeply nested policy expressions or chains
-          of PolicyReference elements that expand exponentially (see the chained sample below; this
-          is similar to the well-known DTD entity expansion attack). Policy implementers need to
-          anticipate these rogue providers and use a configurable bound with defaults on number of
-          policy alternatives, number of assertions in an alternative, depth of nested policy
-          expressions, etc.</p>
-        <div class="exampleOuter">
-          <p style="text-align: left" class="exampleHead"><i><span>Example A-1. </span>Chained Policy Reference Elements</i></p>
-          <div class="exampleInner"><pre>&lt;Policy wsu:Id="p1"&gt;
-  &lt;PolicyReference URI="#p2"/ &gt;
-  &lt;PolicyReference URI="#p2"/&gt;
-&lt;/Policy&gt;
-        
-&lt;Policy wsu:Id="p2" &gt;
-  &lt;PolicyReference URI="#p3"/&gt;
-  &lt;PolicyReference URI="#p3"/&gt;
-&lt;/Policy&gt;
-        
-&lt;Policy wsu:Id="p3" &gt;
-  &lt;PolicyReference URI="#p4"/&gt;
-  &lt;PolicyReference URI="#p4"/&gt;
-&lt;/Policy&gt;
-        
-&lt;!-- Policy/@wsu:Id p4 through p99 --&gt;
-        
-&lt;Policy wsu:Id="p100" &gt;
-  &lt;PolicyReference URI="#p101"/&gt;
-  &lt;PolicyReference URI="#p101"/&gt;
-&lt;/Policy&gt;
-        
-&lt;Policy wsu:Id="p101" &gt;
-  &lt;mtom:OptimizedMimeSerialization /&gt;
-&lt;/Policy&gt;</pre></div>
-        </div>
-        <p>Malicious providers may provide a policy expression that includes multiple
-          PolicyReference elements that use a large number of different internet addresses. These
-          may require the consumers to establish a large number of TCP connections. Policy
-          implementers need to anticipate such rogue providers and use a configurable bound with
-          defaults on number of PolicyReference elements per policy expression.</p>
-      </div>
-      <div class="div2">
-        
-<h3><a name="general-xml-considerations"></a>A.6 General XML Considerations</h3>
-        <p>Implementers of Web Services policy language should be careful to protect their software
-          against general XML threats like deeply nested XML or XML that contains malicious
-        content.</p>
-      </div>
-    </div>
-    <div class="div1">
-      
-<h2><a name="xml-namespaces"></a>B. XML Namespaces</h2>
+<h2><a name="xml-namespaces"></a>A. XML Namespaces</h2>
       <p>The table below lists XML Namespaces that are used in this document. The choice of any
         namespace prefix is arbitrary and not semantically significant.</p>
       <a name="nsprefix"></a><table summary="Prefixes and XML Namespaces used in this specification" border="1" cellspacing="0" cellpadding="5">
-        <caption>Table B-1. Prefixes and XML Namespaces used in this specification.</caption>
+        <caption>Table A-1. Prefixes and XML Namespaces used in this specification.</caption>
         <thead>
           <tr>
             <th rowspan="1" colspan="1">Prefix</th>
@@ -2078,7 +1974,7 @@
     </div>
     <div class="div1">
       
-<h2><a name="references"></a>C. References</h2>
+<h2><a name="references"></a>B. References</h2>
       <dl>
         <dt class="label"><a name="MTOM"></a>[MTOM] </dt><dd>
           <cite><a href="http://www.w3.org/TR/2005/REC-soap12-mtom-20050125/">SOAP Message Transmission Optimization Mechanism</a></cite>, M. Gudgin, N.
@@ -2162,7 +2058,7 @@
     </div> 
 <div class="div1">
   
-<h2><a name="acknowledgments"></a>D. Acknowledgements (Non-Normative)</h2>
+<h2><a name="acknowledgments"></a>C. Acknowledgements (Non-Normative)</h2>
 
   <p>This document is the work of the <a href="http://www.w3.org/2002/ws/policy/">W3C Web Services Policy
   Working Group</a>.</p>
@@ -2181,7 +2077,7 @@
 </div>
  <div class="div1">
       
-<h2><a name="change-description"></a>E. Changes in this Version of the Document (Non-Normative)</h2>
+<h2><a name="change-description"></a>D. Changes in this Version of the Document (Non-Normative)</h2>
       <p>A list of substantive changes since the previous publication is below:</p>
       <ul>
         <li><p>Replaced URI with IRI.</p></li>
@@ -2189,7 +2085,7 @@
     </div>
     <div class="div1">
       
-<h2><a name="change-log"></a>F. Web Services Policy 1.5 - Primer Change Log (Non-Normative)</h2>
+<h2><a name="change-log"></a>E. Web Services Policy 1.5 - Primer Change Log (Non-Normative)</h2>
       <a name="ws-policy-primer-changelog-table"></a><table border="1">
         <tbody>
           <tr>
@@ -2221,7 +2117,15 @@
              to add versioning material to primer.             	
             </td>
           </tr>
-
+          <tr>
+            <td rowspan="1" colspan="1">20060924</td>
+            <td rowspan="1" colspan="1">TIB</td>
+            <td rowspan="1" colspan="1">Implemented the 
+              <a href="http://www.w3.org/2005/06/tracker/wspolicyeds/actions/35">editorial action 35</a> 
+              to move the Security Considerations section to the Framework document.
+            </td>
+          </tr>
+          
         </tbody>
       </table><br>
     </div>

Index: ws-policy-primer.xml
===================================================================
RCS file: /sources/public/2006/ws/policy/ws-policy-primer.xml,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- ws-policy-primer.xml	25 Sep 2006 03:57:33 -0000	1.7
+++ ws-policy-primer.xml	25 Sep 2006 04:14:03 -0000	1.8
@@ -2084,7 +2084,6 @@
              to add versioning material to primer.             	
             </td>
           </tr>
-          </tr>   
           <tr>
             <td>20060924</td>
             <td>TIB</td>
Received on Monday, 25 September 2006 04:14:14 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:27:49 UTC