RE: Bug 3577

I agree with Glen that creating generic policy processors in the context
of the Framework is not possible, but I don't see this as a problem.
 
The specification provides neither the language to write domain-specific
policy assertions nor the comprehensive capabilities to deal with the
domain-specific semantics. The specification does not go beyond
providing some recommendations to domain authors on how to create
domain-specific assertions in the section 3.1, and rightfully so in my
opinion. Otherwise that may potentially raise the complexity to the
level of artificial intelligence.
 
Also, a policy processor may or may not support a policy domain. One
would expect the logical consequences of a policy engine, not supporting
certain policy domains, at the policy enforcement stage. I don't see
this as an interoperability issue. 
 
I agree with Fabian and Monica that the Policy Domain should be defined
in the Framework specification. My understanding is that the Editors are
already planning to do so. The question to the Editors: should a new
issue (Policy Domain definition) be created? 
 
I'd add one more option to the list, proposed by Glen, and leave the
assertion iteration/vocabulary issues, brought by Fabian and Monica, out
of the scope.

Option 4:
- Leave section 4.4 as-is 
- Provide Policy Domain definition in the specification

Regards,
 
Yakov Sverdlov
CA

-----Original Message-----
From: public-ws-policy-request@w3.org
[mailto:public-ws-policy-request@w3.org] On Behalf Of Monica J. Martin
Sent: Wednesday, August 23, 2006 11:42 AM
To: public-ws-policy@w3.org
Cc: Fabian Ritzmann; gdaniels@progress.com
Subject: re: Bug 3577



>re: b) Semantics of successful intersection determined by
domain-specific assertion content, Glen D
>http://www.w3.org/Bugs/Public/show_bug.cgi?id=3577
>
mm1: Regarding this issue:

> Section 4.4 of the WS-Policy spec [1] states that domain-specific 
> processing may need to be performed in order to determine the 
> intersection of two policies.  This means that generic Policy 
> processors (tools, etc) cannot have any guarantee of successfully 
> calculating the intersection without appropriate extensions/plugins 
> being available for all domain-specific assertions.

The task of finding appropriate extensions/plugins for intersection is 
complicated by the fact that any policy processor needs to iterate 
through every single assertion in the policy in order to determine the 
vocabulary and the domains used in the policy. Have we considered 
stating the domains a policy up front? Hopefully we can start to engage 
this discussion today. Thanks.

Fabian Ritzmann
Monica J. Martin

Received on Thursday, 24 August 2006 17:48:00 UTC