W3C home > Mailing lists > Public > public-ws-policy@w3.org > July 2006

RE: NEW ISSUE: Normalization should make empty nested policy elements equivalent to policy statements without nested policy element

From: Asir Vedamuthu <asirveda@microsoft.com>
Date: Sun, 23 Jul 2006 20:15:54 -0700
Message-ID: <4DF3D07B9910264B9470DA1F811D1A950AE0636D@RED-MSG-43.redmond.corp.microsoft.com>
To: "Frederick Hirsch" <frederick.hirsch@nokia.com>, <public-ws-policy@w3.org>

Hi Frederick,

> An empty policy element should be
> removed upon normalization

If an assertion description allows a nested policy expression and the
provider decides not to qualify this assertion with nested policy
assertions, the assertion MUST include an empty Policy element [1].

> <assertion /> and <assertion><policy /></assertion> 
> should mean

This is a theoretical edge case. I am not aware of a case where an
assertion description prescribes a nested policy expression and does not
require a provider/requestor to use the nested policy expression.

[1]
http://dev.w3.org/cvsweb/~checkout~/2006/ws/policy/ws-policy-framework.h
tml?content-type=text/html;%20charset=utf-8#Policy_Assertion_Nesting 

Regards,
 
Asir S Vedamuthu
Microsoft Corporation

-----Original Message-----
From: public-ws-policy-request@w3.org
[mailto:public-ws-policy-request@w3.org] On Behalf Of Frederick Hirsch
Sent: Tuesday, July 11, 2006 9:26 AM
To: public-ws-policy@w3.org
Cc: Frederick Hirsch
Subject: NEW ISSUE: Normalization should make empty nested policy
elements equivalent to policy statements without nested policy element


Title - Normalization should make empty nested policy elements  
equivalent to policy statements without nested policy element

Description - An empty policy element should be removed upon  
normalization

Justification - Need to define additional normalization step to  
enable interoperability.

I initially raised this issue in WS-SX (Security Policy) [1], but it  
should be addressed in WS-Policy.

The WS-SecurityPolicy spec states (at line 372) "An assertion with an  
empty nested policy does not intersect with the same assertion  
without nested policy."

Since both mean exactly the same thing, this opens a possibility for  
policy interop issues.

<assertion /> and <assertion><policy /></assertion> should mean the  
same thing. An engine should treat them as equal, and the  
normalization process should account for this.

Target - WS-Policy Framework [2]

Proposal - add new section to 4.3, "Nested Policy Normalization",  
with following as the text in the section:

"Any nested policy element of the form <assertion><wsp:Policy /></ 
assertion> will be normalized by removing the policy element,  
producing <assertion /> as the normal form. An empty policy element  
SHOULD NOT have attributes but if it does, they will be ignored and  
the element removed."

Test Case -

The intersection of the following two policy expressions should match  
as true:

  <wsp:Policy
   xmlns:test="http://www.example.com/example"
   xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" >
   <test:SimpleAssertion />
  </wsp:Policy>

<wsp:Policy
   xmlns:test="http://www.example.com/example"
   xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" >
   <test:SimpleAssertion><wsp:Policy /></test:SimpleAssertion>
  </wsp:Policy>

regards, Frederick

Frederick Hirsch
Nokia

[1] Related Work, WS-SX Issue 87, http://docs.oasis-open.org/ws-sx/ 
issues/Issues.xml#i087

[2] http://www.w3.org/Submission/WS-Policy/
Received on Monday, 24 July 2006 03:17:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:20:40 GMT