- From: <bugzilla@wiggum.w3.org>
- Date: Tue, 19 Sep 2006 15:00:54 +0000
- To: public-ws-policy-qa@w3.org
- CC:
http://www.w3.org/Bugs/Public/show_bug.cgi?id=3753
Summary: Example 1-1 is not a complete security policy
Product: WS-Policy
Version: PR
Platform: Macintosh
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Framework
AssignedTo: ritzmann@sun.com
ReportedBy: ritzmann@sun.com
QAContact: public-ws-policy-qa@w3.org
Title
Example 1-1 is not a complete security policy
Description
Example 1-1 shows a simple policy with two security policy assertions in lines
03 and 04. According to WS-SecurityPolicy 1.2, section 7.1, these security
policy assertions must be encapsulated by a policy that is nested inside an
AlgorithmSuite assertion. The enclosing AlgorithmSuite assertions as well as
suitable top-level assertions containing the AlgorithmSuite assertions are
missing from example 1-1.
The examples in the following chapters build on this first example. Despite
extensive research we did not find a policy that is sufficiently simple, can
serve as a basis for the other examples, and still is a valid policy. We should
still point out that the example given is an incomplete policy that only serves
to illustrate how a policy could look like.
Justification
An example of a policy that claims to display a security policy but in fact
violates the constraints of WS-SecurityPolicy causes unnecessary confusion
among readers of both specifications.
Target
Web Services Policy Framework, section 1.2, example 1-1
Proposal
Replace "The following example illustrates a security policy expression using
assertions defined in WS-SecurityPolicy WS-SecurityPolicy?:"
by "The following example illustrates a security policy expression using
assertions defined in WS-SecurityPolicy WS-SecurityPolicy? rather than a
complete security policy:"
Received on Tuesday, 19 September 2006 15:01:02 UTC