
[Bug 3753] Example 1-1 is not a complete security policy

From: <bugzilla@wiggum.w3.org>
Date: Tue, 19 Sep 2006 15:00:54 +0000
CC:
To: public-ws-policy-qa@w3.org
Message-Id: <E1GPh5i-0000Ns-7w@wiggum.w3.org>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=3753

           Summary: Example 1-1 is not a complete security policy
           Product: WS-Policy
           Version: PR
          Platform: Macintosh
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Framework
        AssignedTo: ritzmann@sun.com
        ReportedBy: ritzmann@sun.com
         QAContact: public-ws-policy-qa@w3.org


Title

Example 1-1 is not a complete security policy


Description

Example 1-1 shows a simple policy with two security policy assertions in lines
03 and 04. According to WS-SecurityPolicy 1.2, section 7.1, these security
policy assertions must be encapsulated by a policy that is nested inside an
AlgorithmSuite assertion. The enclosing AlgorithmSuite assertions as well as
suitable top-level assertions containing the AlgorithmSuite assertions are
missing from example 1-1.

The examples in the following chapters build on this first example. Despite
extensive research we did not find a policy that is sufficiently simple, can
serve as a basis for the other examples, and still is a valid policy. We should
still point out that the example given is an incomplete policy that only serves
to illustrate what a policy could look like.


Justification

An example of a policy that claims to display a security policy but in fact
violates the constraints of WS-SecurityPolicy causes unnecessary confusion
among readers of both specifications.


Target

Web Services Policy Framework, section 1.2, example 1-1


Proposal

Replace "The following example illustrates a security policy expression using
assertions defined in WS-SecurityPolicy WS-SecurityPolicy?:"

by "The following example illustrates a security policy expression using
assertions defined in WS-SecurityPolicy WS-SecurityPolicy? rather than a
complete security policy:"

Received on Tuesday, 19 September 2006 15:01:02 GMT
