- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Tue, 5 Dec 2006 09:00:57 -0500
- To: public-ws-policy@w3.org
- Cc: Hirsch Frederick <frederick.hirsch@nokia.com>, Cotton Paul <pcotton@microsoft.com>
This message (and the corresponding update to bugzilla 3953) are for this action noted in the previous agenda:

> d) 3953 - Remove language that use of security policy assertions forces nested assertions for other domains, Frederick
> http://www.w3.org/Bugs/Public/show_bug.cgi?id=3953
> http://lists.w3.org/Archives/Public/public-ws-policy/2006Nov/0039.html
> Status: Frederick to update proposal against more recent Guidelines doc.

Updated bug 3953: <http://www.w3.org/Bugs/Public/show_bug.cgi?id=3953>

In latest revision of Guidelines [1], the full text in section 6 is:

"Domain authors must be aware of the interactions between their domain and other domains. For example, security assertions interact with other protocol assertions in a composition. Although modeling protocol assertions may appear to be an independent behavior, protocol assertions and security assertions affect transport bindings and their interactions must be considered. For example utilization of WS-Security Policy with other protocols affects transport bindings and would result in nested policy assertions when additional protocols are composed with WS-Security 2004. Thus, domain authors should be aware of the compositional semantics with other related domains. The protocol assertions that require composition with WS-Security should be particularly aware of the nesting requirements on top of transport level security."

(a) In particular, the following sentence needs more elaboration:

"For example utilization of WS-Security Policy with other protocols affects transport bindings and would result in nested policy assertions when additional protocols are composed with WS-Security 2004."

Which other protocols? Why should independent security headers affect other non-security SOAP headers? Which policy assertions would become nested because of an interaction, headers in another domain? A paragraph explaining (with an example) the issue in reliable messaging would help. It isn't obvious which assertions would become nested in which, so a concrete example could make the issue clearer.

(b) In addition, the following sentence needs clarification:

"The protocol assertions that require composition with WS-Security should be particularly aware of the nesting requirements on top of transport level security."

What nesting requirements?

Proposal

i) add "can" to second sentence: "For example, security assertions can interact with other protocol assertions in a composition"

ii) replace "WS-Security Policy" with "WS-SecurityPolicy" (editorial)

iii) Add text to clarify and answer questions associated with (a) and (b) above.

regards, Frederick

Frederick Hirsch
Nokia

[1] http://dev.w3.org/cvsweb/~checkout~/2006/ws/policy/ws-policy-guidelines.html?rev=1.11
Received on Tuesday, 5 December 2006 14:01:44 UTC