- From: Frederick Hirsch via cvs-syncmail <cvsmail@w3.org>
- Date: Thu, 18 Jan 2007 23:23:00 +0000
- To: public-ws-policy-eds@w3.org
Update of /sources/public/2006/ws/policy
In directory hutz:/tmp/cvs-serv30975
Modified Files:
ws-policy-primer.html ws-policy-primer.xml
Log Message:
Implemented the resolution for issue 4041 ( http://www.w3.org/Bugs/Public/show_bug.cgi?id=4041 ) resolution ( http://www.w3.org/2007/01/18-ws-policy-irc#T22-09-36 ) corresponding to Editors' action 143. (http://www.w3.org/2005/06/tracker/wspolicyeds/actions/143)
Index: ws-policy-primer.html
===================================================================
RCS file: /sources/public/2006/ws/policy/ws-policy-primer.html,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -d -r1.31 -r1.32
--- ws-policy-primer.html 8 Jan 2007 17:20:41 -0000 1.31
+++ ws-policy-primer.html 18 Jan 2007 23:22:56 -0000 1.32
@@ -60,7 +60,7 @@
complete normative description of the Web Services Policy language. </p></div><div>
<h2><a name="status">Status of this Document</a></h2><p><strong>This document is an editors' copy that has
no official standing.</strong></p><p></p></div><hr><div class="toc">
-<h2><a name="contents">Table of Contents</a></h2><p class="toc">1. <a href="#introduction">Introduction</a><br>2. <a href="#basic-concepts-policy-expression">Basic Concepts: Policy Expression</a><br> 2.1 <a href="#web-services-policy">Web Services Policy</a><br> 2.2 <a href="#simple-message">Simple Message</a><br> 2.3 <a href="#secure-message">Secure Message</a><br> 2.4 <a href="#other-assertions">Other Assertions</a><br> 2.5 <a href="#combining-policy-assertions">Combining Policy Assertions</a><br> 2.6 <a href="#optional-policy-assertion">Optional Policy Assertion</a><br> 2.7 <a href="#nested-policy-expressions">Nested Policy Expressions</a><br> 2.8 <a href="#Referencing_Policy_Expressions">Referencing Policy Expressions</a><br> 2.9 <a href="#attaching-policy-expressions-to-wsdl">Attaching Policy Expresions to WSDL</a><br> 2.10 <a href="#policy-automates-web-services-interaction">Policy Automates Web Services Interaction</a><br>3. <a href="#advanced-concepts-policy-expression">Advanced Concepts: Policy Expression</a><br> 3.1 <a href="#policy-expression">Policy Expression</a><br> 3.2 <a href="#normal-form-for-policy-expressions">Normal Form for Policy Expressions</a><br> 3.3 <a href="#policy-data-model">Policy Data Model</a><br> 3.4 <a href="#compatible-policies">Compatible Policies</a><br> 3.5 <a href="#attaching-policy-expressions-to-wsdl2">Attaching Policy Expressions to WSDL</a><br> 3.6 <a href="#policy-retrieval">Policy Retrieval</a><br> 3.7 <a href="#combine-policies">Combine Policies</a><br> 3.8 <a href="#extensibility-and-versioning">Extensibility and Versioning</a><br> 39 <a href="#parts-of-a-policy-assertion">Parts of a Policy Assertion</a><br> 3.10 <a href="#versioning-policy-language">Versioning Policy Language</a><br> 3.10.1 <a href="#versioning-policy-framework">Policy Framework</a><br> 3.10.2 <a href="#versioning-policy-attachment">Policy Attachment</a><br>4. <a href="#conclusion">Conclusion</a><br></p>
+<h2><a name="contents">Table of Contents</a></h2><p class="toc">1. <a href="#introduction">Introduction</a><br>2. <a href="#basic-concepts-policy-expression">Basic Concepts: Policy Expression</a><br> 2.1 <a href="#web-services-policy">Web Services Policy</a><br> 2.2 <a href="#simple-message">Simple Message</a><br> 2.3 <a href="#secure-message">Secure Message</a><br> 2.4 <a href="#other-assertions">Other Assertions</a><br> 2.5 <a href="#combining-policy-assertions">Combining Policy Assertions</a><br> 2.6 <a href="#optional-policy-assertion">Optional Policy Assertion</a><br> 2.7 <a href="#ignorable-policy-assertions">Ignorable Policy Expressions</a><br> 2.8 <a href="#nested-policy-expressions">Nested Policy Expressions</a><br> 2.9 <a href="#Referencing_Policy_Expressions">Referencing Policy Expressions</a<br> 2.10 <a href="#attaching-policy-expressions-to-wsdl">Attaching Policy Expressions to WSDL</a><br> 2.11 <a href="#policy-automates-web-services-interaction">Policy Automates Web Services Interaction</a><br>3. <a href="#advanced-concepts-policy-expression">Advanced Concepts: Policy Expression</a><br> 3.1 <a href="#policy-expression">Policy Expression</a><br> 3.2 <a href="#normal-form-for-policy-expressions">Normal Form for Policy Expressions</a><br> 3.3 <a href="#policy-data-model">Policy Data Model</a><br> 3.4 <a href="#compatible-policies">Compatible Policies</a><br> 3.4.1 <a href="#strict-lax-policy-intersection">Strict and Lax Policy Intersection</a><br> 3.5 <a href="#attaching-policy-expressions-to-wsdl2">Attaching Policy Expressions to WSDL</a><br> 3.6 <a href="#policy-rerieval">Policy Retrieval</a><br> 3.7 <a href="#combine-policies">Combine Policies</a><br> 3.8 <a href="#extensibility-and-versioning">Extensibility and Versioning</a><br> 3.9 <a href="#parts-of-a-policy-assertion">Parts of a Policy Assertion</a><br> 3.10 <a href="#versioning-policy-language">Versioning Policy Language</a><br> 3.10.1 <a href="#versioning-policy-framework">Policy Framework</a><br> 3.10.2 <a href="#versioning-policy-attachment">Policy Attachment</a><br>4. <a href="#conclusion">Conclusion</a><br></p>
<h3><a name="appendix" id="appendix">Appendices</a></h3><p class="toc">A. <a href="#security-considerations">Security Considerations</a><br>B. <a href="#xml-namespaces">XML Namespaces</a><br>C. <a href="#references">References</a><br>D. <a href="#acknowledgments">Acknowledgements</a> (Non-Normative)<br>E. <a href="#change-description">Changes in this Version of the Document</a> (Non-Normative)<br>F. <a href="#change-log">Web Services Policy 1.5 - Primer Change Log</a> (Non-Normative)<br></p></div><hr><div class="body"><div class="div1">
<h2><a name="introduction"></a>1. Introduction</h2><p>This document, <em>Web Services Policy 1.5 - Primer</em>, provides an introductory description of the
Web Services Policy language and should be read alongside the formal descriptions contained
@@ -291,7 +291,31 @@
</All></pre></div></div><p>Contoso is able to meet their customer needs by adding optional support for the Optimized
MIME Serialization. An optional policy assertion represents a behavior that may be
engaged.</p></div><div class="div2">
-<h3><a name="nested-policy-expressions"></a>2.7 Nested Policy Expressions</h3><p>In the previous sections, we considered two security policy assertions. In this section,
+<h3><a name="ignorable-policy-assertions"></a>2.7 Ignorable Policy Expressions</h3><p>
+ Suppose Contoso decides that it will log SOAP messages sent and received in an exchange.
+ This behavior has no direct impact on the messages sent on the wire, and does not affect interoperability.
+ Some parties might have a concern about such logging and might decide not to interact with Contoso knowing
+ that such logging is performed. To address this concern, Contoso includes a Logging assertion in its policy to enable
+ such parties to be aware of logging. By marking the Logging assertion with the <code class="attr">wsp:Ignorable</code> attribute with a
+ value of "true" Contoso indicates that a requester may choose to either ignore such assertions or to consider
+ them as part of policy intersection. An assertion that may be ignored for policy intersection is called an
+ ignorable assertion.
+ </p><p>
+ The <code class="attr">wsp:Ignorable</code> attribute allows providers to clearly indicate which policy assertions indicate behaviors that
+ don’t manifest on the wire and may not be of concern to a requester when determining policy compatibility.
+ Using the <code class="attr">wsp:Optional</code> attribute would be incorrect in this scenario, since it would indicate that the behavior
+ would not occur if the alternative without the assertion were selected.
+ </p><div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 2-11. </span>Ignorable Logging Policy Assertion</i></p><div class="exampleInner"><pre><log:Logging wsp:Ignorable="true" /></pre></div></div><p>
+ The attribute <code class="attr">wsp:Ignorable</code> is of type <em>xs:boolean</em>.
+ Omitting this attribute is semantically equivalent to including it with a value of "false".
+ </p><p>
+ The use of the <code class="attr">wsp:Ignorable</code> attribute has no impact on normalization.
+ Assertions marked with the <code class="attr">wsp:Ignorable</code> attribute remain marked with the <code class="attr">wsp:Ignorable</code> attribute
+ after normalization.
+ Ignorable assertions may have an impact on determining compatibility of policies
+ (See <a href="#strict-lax-policy-intersection"><b>3.4.1 Strict and Lax Policy Intersection</b></a> ).
+ </p></div><div class="div2">
+<h3><a name="nested-policy-expressions"></a>2.8 Nested Policy Expressions</h3><p>In the previous sections, we considered two security policy assertions. In this section,
let us look at one of the security policy assertions in little more detail.</p><p>As you would expect, securing messages is a complex usage scenario. Contoso uses the
<code>sp:TransportBinding</code> policy assertion to indicate the use of transport-level
security for protecting messages. Just indicating the use of transport-level security for
@@ -314,7 +338,7 @@
the <code>sp:TransportBinding</code> policy assertion. The <code>sp:TransportToken</code>
assertion requires the use of a specific transport token and further qualifies the
behavior of the <code>sp:TransportBinding</code> policy assertion (which already requires
- the use of transport-level security for protecting messages).</p><div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 2-11. </span>Transport Security Policy Assertion</i></p><div class="exampleInner"><pre><sp:TransportBinding>
+ the use of transport-level security for protecting messages).</p><div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 2-12. </span>Transport Security Policy Assertion</i></p><div class="exampleInner"><pre><sp:TransportBinding>
<Policy>
<sp:TransportToken>
<Policy>
@@ -338,7 +362,7 @@
transport-level security and its dependent behaviors automatically. That is, the
complexity of security usage is absorbed by a policy-aware client and hidden from these
Web service developers.</p></div><div class="div2">
-<h3><a name="Referencing_Policy_Expressions"></a>2.8 Referencing Policy Expressions</h3><p>Contoso has numerous Web service offerings that provide different kinds of real-time
+<h3><a name="Referencing_Policy_Expressions"></a>2.9 Referencing Policy Expressions</h3><p>Contoso has numerous Web service offerings that provide different kinds of real-time
quotes and book information on securities such as
<code>GetRealQuote</code>, <code>GetRealQuotes</code> and
<code>GetExtendedRealQuote</code>. To accommodate the diversity of Contoso’s customers,
@@ -350,7 +374,7 @@
policy or within another policy expression. There are three mechanisms to identify a policy
expression: the <code>wsu:Id</code> <code>xml:id</code> and <code>Name</code> attributes. A
<code>PolicyReference</code> element can be used to reference a policy expression
- identified using either of these mechanisms.</p><div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 2-12. </span>Common Policy Expression</i></p><div class="exampleInner"><pre><Policy wsu:Id=”common”>
+ identified using either of these mechanisms.</p><div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 2-13. </span>Common Policy Expression</i></p><div class="exampleInner"><pre><Policy wsu:Id=”common”>
<mtom:OptimizedMimeSerialization wsp:Optional="true"/>
<wsap:UsingAddressing />
</Policy></pre></div></div><p>In the example above, the <code>wsu:Id</code> attribute is used to identify a policy
@@ -361,7 +385,7 @@
<code>http://real.contoso.com/policy.xml#common. (</code>The absolute IRI is formed by
combining the document IRI, <code>#</code> and the value of the <code>wsu:Id</code>
attribute.)</p><p> In addition to the Example 2-12, Contoso could have used either the xml:id or wsu:Id.
- An example of the use of xml:id similar to that of wsu:Id is shown in Example 2-13. </p><div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 2-13. </span>Common Policy Expression [xml:id]</i></p><div class="exampleInner"><pre><Policy xml:id=”common”>
+ An example of the use of xml:id similar to that of wsu:Id is shown in Example 2-13. </p><div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 2-14. </span>Common Policy Expression [xml:id]</i></p><div class="exampleInner"><pre><Policy xml:id=”common”>
<mtom:OptimizedMimeSerialization wsp:Optional="true"/>
<wsap:UsingAddressing />
</Policy></pre></div></div><p> Conditions and constraints on the use of the |xml:id| attribute in conjunction with Canonical
@@ -369,12 +393,12 @@
Significant care is suggested in the use of xml:id.
</p><p>For re-use, a <code>PolicyReference</code> element can be used to reference a policy
expression as a standalone policy or within another policy expression. The example below
- is a policy expression that re-uses the common policy expression above.</p><div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 2-14. </span>PolicyReference to Common Policy Expression</i></p><div class="exampleInner"><pre><PolicyReference URI="#common"/></pre></div></div><p>For referencing a policy expression within the same XML document, Contoso uses the
+ is a policy expression that re-uses the common policy expression above.</p><div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 2-15. </span>PolicyReference to Common Policy Expression</i></p><div class="exampleInner"><pre><PolicyReference URI="#common"/></pre></div></div><p>For referencing a policy expression within the same XML document, Contoso uses the
<code>wsu:Id</code> attribute for identifying a policy expression and an IRI to this ID
value for referencing this policy expression using a <code>PolicyReference</code> element.</p><p>The example below is a policy expression that re-uses the common policy expression within
another policy expression. This policy expression requires the use of addressing, one of
transport- or message-level security for protecting messages and allows the use of
- optimization.</p><div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 2-15. </span>Secure Policy Expression</i></p><div class="exampleInner"><pre><Policy wsu:Id=”secure”>
+ optimization.</p><div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 2-16. </span>Secure Policy Expression</i></p><div class="exampleInner"><pre><Policy wsu:Id=”secure”>
<All>
<PolicyReference URI="#common"/>
<ExactlyOne>
@@ -388,11 +412,11 @@
resides in. As such, referencing a policy expression using the <code>Name</code> attribute
relies on additional out of band information. In the example below, the <code>Name</code>
attribute identifies the policy expression. The IRI of this policy expression is
- <code>http://real.contoso.com/policy/common</code>.</p><div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 2-16. </span>Common Policy Expression</i></p><div class="exampleInner"><pre><Policy Name=”http://real.contoso.com/policy/common”>
+ <code>http://real.contoso.com/policy/common</code>.</p><div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 2-17. </span>Common Policy Expression</i></p><div class="exampleInner"><pre><Policy Name=”http://real.contoso.com/policy/common”>
<mtom:OptimizedMimeSerialization wsp:Optional="true"/>
<wsap:UsingAddressing />
-</Policy></pre></div></div><p>The example below is a policy expression that re-uses the common policy expression above.</p><div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 2-17. </span>PolicyReference to Common Policy Expression</i></p><div class="exampleInner"><pre><PolicyReference URI="http://real.contoso.com/policy/common"/></pre></div></div></div><div class="div2">
-<h3><a name="attaching-policy-expressions-to-wsdl"></a>2.9 Attaching Policy Expressions to WSDL</h3><p>A majority of Contoso’s customers use WSDL for building their client applications.
+</Policy></pre></div></div><p>The example below is a policy expression that re-uses the common policy expression above.</p><div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 2-18. </span>PolicyReference to Common Policy Expression</i></p><div class="exampleInner"><pre><PolicyReference URI="http://real.contoso.com/policy/common"/></pre></div></div></div><div class="div2">
+<h3><a name="attaching-policy-expressions-to-wsdl"></a>2.10 Attaching Policy Expressions to WSDL</h3><p>A majority of Contoso’s customers use WSDL for building their client applications.
Contoso leverages this usage by attaching policy expressions to the WSDL binding
descriptions.</p><p>In the example below, the <code>SecureBinding</code> WSDL binding description defines a
binding for an interface that provides real-time quotes and book information on
@@ -404,7 +428,7 @@
expression attached to the <code>SecureBinding</code> WSDL binding description applies to
any message exchange associated with any <code>port</code> that supports this binding
description. This includes all the message exchanges described by operations in the
- <code>RealTimeDataInterface</code>.</p><div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 2-18. </span>Secure Policy Expression Attached to WSDL Binding</i></p><div class="exampleInner"><pre><wsdl:binding name="SecureBinding" type="tns:RealTimeDataInterface" >
+ <code>RealTimeDataInterface</code>.</p><div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 2-19. </span>Secure Policy Expression Attached to WSDL Binding</i></p><div class="exampleInner"><pre><wsdl:binding name="SecureBinding" type="tns:RealTimeDataInterface" >
<PolicyReference URI="#secure" />
<wsdl:operation name="GetRealQuote">…</wsdl:operation>
…
@@ -414,7 +438,7 @@
<code>GetDelayedQuotes,</code>
<code>GetSymbol</code> and <code>GetSymbols</code>). Contoso does not require the use of
security for these services, but requires the use of addressing and allows the use of
- optimization.</p><div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 2-19. </span>Open Policy Expression Attached to WSDL Binding</i></p><div class="exampleInner"><pre><wsdl:binding name="OpenBinding" type="tns:DelayedDataInterface" >
+ optimization.</p><div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 2-20. </span>Open Policy Expression Attached to WSDL Binding</i></p><div class="exampleInner"><pre><wsdl:binding name="OpenBinding" type="tns:DelayedDataInterface" >
<PolicyReference URI="#common" />
<wsdl:operation name="GetDelayedQuote">…</wsdl:operation>
…
@@ -440,7 +464,7 @@
documents and engages behaviors automatically for each of these endpoints. Any complexity
of varying behaviors across Web service endpoints is absorbed by a policy-aware client or
tool and hidden from these Web service developers.</p></div><div class="div2">
-<h3><a name="policy-automates-web-services-interaction"></a>2.10 Policy Automates Web Services Interaction</h3><p>As you have seen, Web Services Policy is a simple language that has four elements -
+<h3><a name="policy-automates-web-services-interaction"></a>2.11 Policy Automates Web Services Interaction</h3><p>As you have seen, Web Services Policy is a simple language that has four elements -
<code>Policy, All</code>, <code>ExactlyOne</code> and <code>PolicyReference</code> - and
one attribute - <code>wsp:Optional</code>. In practice, service providers, like Contoso,
use policy expressions to represent combinations of capabilities and requirements. Web
@@ -656,7 +680,29 @@
of Contoso’s policy alternative is compatible with the client’s policy alternative.</p><p>For this interaction, the developer’s policy-aware client can use policy alternative (a) to
satisfy Contoso’s conditions or requirements.</p><p>Similarly, policy intersection can be used to check if providers expose endpoints that
conform to a standard policy. For example, a major retailer might require all their
- supplier endpoints to be compatible with an agreed upon policy.</p></div><div class="div2">
+ supplier endpoints to be compatible with an agreed upon policy.</p><div class="div3">
+<h4><a name="strict-lax-policy-intersection"></a>3.4.1 Strict and Lax Policy Intersection</h4><p>
+ The previous sections outlined how the normal-form of a policy expression relate to the policy data model and how the
+ compatibility of requester and provider policies may be determined.
+ This section outlines how ignorable assertions may impact the process of determining compatibility.
+ </p><p>
+ In order to determine compatibility of its policy expression with a provider policy expression, a
+ requester may use either a "lax" or "strict" mode of the intersection algorithm.
+ </p><p>
+ In the strict intersection mode two policy alternatives are compatible when each assertion in one is compatible with an
+ assertion in the other, and vice versa. For this to be possible they must share the same policy alternative vocabulary.
+ The strict intersection mode is the mode of intersection discussed in the previous sections of this document.
+ When using the strict intersection mode ignorable assertions are part of the policy alternative vocabulary, so the
+ <code class="attr">wsp:Ignorable</code> attribute does not impact the intersection result even when the <code class="attr">wsp:Ignorable</code>
+ attribute value is “true”.
+ </p><p>
+ If a requester wishes to ignore ignorable assertions in a provider's policy, then the requester should use the lax
+ intersection mode. In the lax intersection mode all ignorable assertions (i.e. with the value "true" for the
+ <code class="attr">wsp:Ignorable</code> attribute) are to be ignored by the intersection algorithm. Thus in the lax intersection mode
+ two policy alternatives are compatible when each non-ignorable assertion in one is compatible with an assertion in the
+ other, and vice versa. For this to be possible the two policy alternatives must share a policy alternative vocabulary for
+ all “non-ignorable” assertions.
+ </p></div></div><div class="div2">
<h3><a name="attaching-policy-expressions-to-wsdl2"></a>3.5 Attaching Policy Expressions to WSDL</h3><p>In <a href="#basic-concepts-policy-expression"><b>2. Basic Concepts: Policy Expression</b></a>, we looked into how Contoso attached
their policy expressions to the WSDL <code>binding</code> element. In addition to the WSDL
<code>binding</code> element, a policy expression can be attached to other WSDL elements
@@ -712,7 +758,7 @@
imported WSDL documents constitute separate XML documents each. If e.g. the
importing WSDL document references a policy in the imported WSDL document, the
rules for policy references between separate XML documents apply as described
- in <a href="#Referencing_Policy_Expressions"><b>2.8 Referencing Policy Expressions</b></a>.
+ in <a href="#Referencing_Policy_Expressions"><b>2.9 Referencing Policy Expressions</b></a>.
</p></div><div class="div2">
<h3><a name="combine-policies"></a>3.7 Combine Policies</h3><p>Multiple policy expressions may be attached to WSDL constructs. Let us consider how
Contoso could have used multiple policy expressions in a WSDL document. In the example
@@ -1016,7 +1062,7 @@
</td><td rowspan="1" colspan="1">[<cite><a href="#WSDL11">WSDL 1.1</a></cite>]</td></tr><tr><td rowspan="1" colspan="1">
<code>wsp</code>
</td><td rowspan="1" colspan="1">
- <code>http://www.w3.org/@@@@/@@/ws-policy</code>
+ <code>http://www.w3.org/ns/ws-policy</code>
</td><td rowspan="1" colspan="1">[<cite><a href="#WS-Policy">Web Services Policy Framework</a></cite>, <cite><a href="#WS-PolicyAttachment">Web Services Policy Attachment</a></cite>]</td></tr><tr><td rowspan="1" colspan="1">
<code>wss</code>
</td><td rowspan="1" colspan="1">
@@ -1211,4 +1257,8 @@
<a href="http://lists.w3.org/Archives/Public/public-ws-policy/2006Dec/0081.html">as outlined.</a>
Editors' action <a href="http://www.w3.org/2005/06/tracker/wspolicyeds/actions/110">110</a>.
</td></tr><tr><td rowspan="1" colspan="1">20070108</td><td rowspan="1" colspan="1">ASV</td><td rowspan="1" colspan="1">Reset Section <a href="#change-description"><b>E. Changes in this Version of the Document</b></a>.
+ </td></tr><tr><td rowspan="1" colspan="1">20070118</td><td rowspan="1" colspan="1">FJH</td><td rowspan="1" colspan="1">Implemented the resolution for
+ <a href="http://www.w3.org/Bugs/Public/show_bug.cgi?id=4041">issue 4041</a>
+ <a href="http://www.w3.org/2007/01/18-ws-policy-irc#T22-09-36">resolution</a> corresponding to
+ Editors' action <a href="http://www.w3.org/2005/06/tracker/wspolicyeds/actions/143">143</a>.
</td></tr></tbody></table><br></div></div></body></html>
\ No newline at end of file
Index: ws-policy-primer.xml
===================================================================
RCS file: /sources/public/2006/ws/policy/ws-policy-primer.xml,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -d -r1.27 -r1.28
--- ws-policy-primer.xml 8 Jan 2007 17:20:42 -0000 1.27
+++ ws-policy-primer.xml 18 Jan 2007 23:22:56 -0000 1.28
@@ -437,6 +437,41 @@
MIME Serialization. An optional policy assertion represents a behavior that may be
engaged.</p>
</div2>
+ <div2 id="ignorable-policy-assertions">
+ <head>Ignorable Policy Expressions</head>
+ <p>
+ Suppose Contoso decides that it will log SOAP messages sent and received in an exchange.
+ This behavior has no direct impact on the messages sent on the wire, and does not affect interoperability.
+ Some parties might have a concern about such logging and might decide not to interact with Contoso knowing
+ that such logging is performed. To address this concern, Contoso includes a Logging assertion in its policy to enable
+ such parties to be aware of logging. By marking the Logging assertion with the <att>wsp:Ignorable</att> attribute with a
+ value of "true" Contoso indicates that a requester may choose to either ignore such assertions or to consider
+ them as part of policy intersection. An assertion that may be ignored for policy intersection is called an
+ ignorable assertion.
+ </p>
+ <p>
+ The <att>wsp:Ignorable</att> attribute allows providers to clearly indicate which policy assertions indicate behaviors that
+ don’t manifest on the wire and may not be of concern to a requester when determining policy compatibility.
+ Using the <att>wsp:Optional</att> attribute would be incorrect in this scenario, since it would indicate that the behavior
+ would not occur if the alternative without the assertion were selected.
+ </p>
+ <example>
+ <head>Ignorable Logging Policy Assertion</head>
+ <eg xml:space="preserve"><log:Logging wsp:Ignorable="true" /></eg>
+ </example>
+ <p>
+ The attribute <att>wsp:Ignorable</att> is of type <emph>xs:boolean</emph>.
+ Omitting this attribute is semantically equivalent to including it with a value of "false".
+ </p>
+ <p>
+ The use of the <att>wsp:Ignorable</att> attribute has no impact on normalization.
+ Assertions marked with the <att>wsp:Ignorable</att> attribute remain marked with the <att>wsp:Ignorable</att> attribute
+ after normalization.
+ Ignorable assertions may have an impact on determining compatibility of policies
+ (See <specref ref="strict-lax-policy-intersection" /> ).
+ </p>
+ </div2>
+
<div2 id="nested-policy-expressions">
<head>Nested Policy Expressions</head>
<p>In the previous sections, we considered two security policy assertions. In this section,
@@ -932,6 +967,8 @@
</div2>
<div2 id="compatible-policies">
<head>Compatible Policies</head>
+
+
<p>A provider, like Contoso, and a requester, like the policy-aware client used in our example, may represent
their capabilities and requirements for an interaction as policies and want to limit their
message exchanges to mutually compatible policies. Web Services Policy defines an
@@ -1000,6 +1037,33 @@
<p>Similarly, policy intersection can be used to check if providers expose endpoints that
conform to a standard policy. For example, a major retailer might require all their
supplier endpoints to be compatible with an agreed upon policy.</p>
+
+ <div3 id="strict-lax-policy-intersection">
+ <head>Strict and Lax Policy Intersection</head>
+ <p>
+ The previous sections outlined how the normal-form of a policy expression relate to the policy data model and how the
+ compatibility of requester and provider policies may be determined.
+ This section outlines how ignorable assertions may impact the process of determining compatibility.
+ </p>
+ <p>
+ In order to determine compatibility of its policy expression with a provider policy expression, a
+ requester may use either a "lax" or "strict" mode of the intersection algorithm.
+ </p><p>
+ In the strict intersection mode two policy alternatives are compatible when each assertion in one is compatible with an
+ assertion in the other, and vice versa. For this to be possible they must share the same policy alternative vocabulary.
+ The strict intersection mode is the mode of intersection discussed in the previous sections of this document.
+ When using the strict intersection mode ignorable assertions are part of the policy alternative vocabulary, so the
+ <att>wsp:Ignorable</att> attribute does not impact the intersection result even when the <att>wsp:Ignorable</att>
+ attribute value is “true”.
+ </p><p>
+ If a requester wishes to ignore ignorable assertions in a provider's policy, then the requester should use the lax
+ intersection mode. In the lax intersection mode all ignorable assertions (i.e. with the value "true" for the
+ <att>wsp:Ignorable</att> attribute) are to be ignored by the intersection algorithm. Thus in the lax intersection mode
+ two policy alternatives are compatible when each non-ignorable assertion in one is compatible with an assertion in the
+ other, and vice versa. For this to be possible the two policy alternatives must share a policy alternative vocabulary for
+ all “non-ignorable” assertions.
+ </p>
+ </div3>
</div2>
<div2 id="attaching-policy-expressions-to-wsdl2">
<head>Attaching Policy Expressions to WSDL</head>
@@ -1967,7 +2031,16 @@
<td>ASV</td>
<td>Reset Section <specref ref="change-description"/>.
</td>
- </tr>
+ </tr>
+ <tr>
+ <td>20070118</td>
+ <td>FJH</td>
+ <td>Implemented the resolution for
+ <loc href="http://www.w3.org/Bugs/Public/show_bug.cgi?id=4041">issue 4041</loc>
+ <loc href="http://www.w3.org/2007/01/18-ws-policy-irc#T22-09-36">resolution</loc> corresponding to
+ Editors' action <loc href="http://www.w3.org/2005/06/tracker/wspolicyeds/actions/143">143</loc>.
+ </td>
+ </tr>
</tbody>
</table>
</inform-div1>
Received on Thursday, 18 January 2007 23:23:06 UTC