W3C home > Mailing lists > Public > public-ws-policy@w3.org > July 2006

Re: NEW ISSUE: HTTP/HTTPS conflict resolution between policy assertion and WSDL

From: Anthony Nadalin <drsecure@us.ibm.com>
Date: Tue, 18 Jul 2006 05:02:10 -0600
To: "Toufic Boubez" <tboubez@layer7tech.com>, "public-ws-policy" <public-ws-policy@w3.org>
Message-ID: <OF6ACF2715.E8E58109-ON872571AF.003C9FE3@us.ibm.com>
Isn't this out of scope as there are many ways to specify conflicting options

-----------------
Sent from Tony's BlackBerry.


----- Original Message -----
From: public-ws-policy-request
Sent: 07/17/2006 11:02 PM
To: <public-ws-policy@w3.org>
Subject: NEW ISSUE: HTTP/HTTPS conflict resolution between policy assertion and WSDL

Title - HTTP/HTTPS conflict resolution between policy assertion and WSDL
 
Description - If the security policy assertion requires the use of HTTPS transport level security and WSDL port address uses HTTP scheme, what is the best practice guidance for requestors?
 
Target - WS-Policy Attachment 1.5? Primer?
 
Proposal - Not sure if I have an absolute proposal, but I'll get the ball rolling: I propose that if there is a conflict, that since presumably the policy authors are a better authority as to what policies should exist for a service, whereas the WSDL might have been automatically generated by a tool or a developer, the policy assertion takes precedence.
 
Toufic Boubez, Ph.D.
Chief Technology Officer
 
LAYER 7 TECHNOLOGIES / Advancing the application network.
604.681.9377 x310 (w)   604.288.7970 (m)
tboubez@layer7tech.com <mailto:tboubez@layer7tech.com>  (e)  www.layer7tech.com (w)
Received on Tuesday, 18 July 2006 11:02:31 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:20:40 GMT