More information: Justification - This issue was raised by the WS-Policy interop in April 2006 in Germany. Reference - http://www.w3.org/2006/07/13-ws-policy-minutes.html#action32 Toufic Boubez, Ph.D. Chief Technology Officer LAYER 7 TECHNOLOGIES / Advancing the application network. 604.681.9377 x310 (w) 604.288.7970 (m) tboubez@layer7tech.com <mailto:tboubez@layer7tech.com> (e) www.layer7tech.com (w) ________________________________ From: public-ws-policy-request@w3.org on behalf of Toufic Boubez Sent: Mon 7/17/2006 10:02 PM To: public-ws-policy@w3.org Subject: NEW ISSUE: HTTP/HTTPS conflict resolution between policy assertion and WSDL Title - HTTP/HTTPS conflict resolution between policy assertion and WSDL Description - If the security policy assertion requires the use of HTTPS transport level security and WSDL port address uses HTTP scheme, what is the best practice guidance for requestors? Target - WS-Policy Attachment 1.5? Primer? Proposal - Not sure if I have an absolute proposal, but I'll get the ball rolling: I propose that if there is a conflict, that since presumably the policy authors are a better authority as to what policies should exist for a service, whereas the WSDL might have been automatically generated by a tool or a developer, the policy assertion takes precedence. Toufic Boubez, Ph.D. Chief Technology Officer LAYER 7 TECHNOLOGIES / Advancing the application network. 604.681.9377 x310 (w) 604.288.7970 (m) tboubez@layer7tech.com <mailto:tboubez@layer7tech.com> (e) www.layer7tech.com (w)Received on Tuesday, 18 July 2006 14:29:47 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:20:40 GMT