- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Mon, 24 Jul 2006 09:17:44 -0400
- To: ext Asir Vedamuthu <asirveda@microsoft.com>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, <public-ws-policy@w3.org>
To summarize what you said, If an assertion is allowed to have nested policy, then it MUST have a wsp:Policy child, always. I think this should be stated more clearly. Thus the edge case should never occur, since the version without the wsp:Policy child would be in error. regards, Frederick Frederick Hirsch Nokia On Jul 23, 2006, at 11:15 PM, ext Asir Vedamuthu wrote: > Hi Frederick, > >> An empty policy element should be >> removed upon normalization > > If an assertion description allows a nested policy expression and the > provider decides not to qualify this assertion with nested policy > assertions, the assertion MUST include an empty Policy element [1]. > >> <assertion /> and <assertion><policy /></assertion> >> should mean > > This is a theoretical edge case. I am not aware of a case where an > assertion description prescribes a nested policy expression and > does not > require a provider/requestor to use the nested policy expression. > > [1] > http://dev.w3.org/cvsweb/~checkout~/2006/ws/policy/ws-policy- > framework.h > tml?content-type=text/html;%20charset=utf-8#Policy_Assertion_Nesting > > Regards, > > Asir S Vedamuthu > Microsoft Corporation > > -----Original Message----- > From: public-ws-policy-request@w3.org > [mailto:public-ws-policy-request@w3.org] On Behalf Of Frederick Hirsch > Sent: Tuesday, July 11, 2006 9:26 AM > To: public-ws-policy@w3.org > Cc: Frederick Hirsch > Subject: NEW ISSUE: Normalization should make empty nested policy > elements equivalent to policy statements without nested policy element > > > Title - Normalization should make empty nested policy elements > equivalent to policy statements without nested policy element > > Description - An empty policy element should be removed upon > normalization > > Justification - Need to define additional normalization step to > enable interoperability. > > I initially raised this issue in WS-SX (Security Policy) [1], but it > should be addressed in WS-Policy. > > The WS-SecurityPolicy spec states (at line 372) "An assertion with an > empty nested policy does not intersect with the same assertion > without nested policy." > > Since both mean exactly the same thing, this opens a possibility for > policy interop issues. > > <assertion /> and <assertion><policy /></assertion> should mean the > same thing. An engine should treat them as equal, and the > normalization process should account for this. > > Target - WS-Policy Framework [2] > > Proposal - add new section to 4.3, "Nested Policy Normalization", > with following as the text in the section: > > "Any nested policy element of the form <assertion><wsp:Policy /></ > assertion> will be normalized by removing the policy element, > producing <assertion /> as the normal form. An empty policy element > SHOULD NOT have attributes but if it does, they will be ignored and > the element removed." > > Test Case - > > The intersection of the following two policy expressions should match > as true: > > <wsp:Policy > xmlns:test="http://www.example.com/example" > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" > > <test:SimpleAssertion /> > </wsp:Policy> > > <wsp:Policy > xmlns:test="http://www.example.com/example" > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" > > <test:SimpleAssertion><wsp:Policy /></test:SimpleAssertion> > </wsp:Policy> > > regards, Frederick > > Frederick Hirsch > Nokia > > [1] Related Work, WS-SX Issue 87, http://docs.oasis-open.org/ws-sx/ > issues/Issues.xml#i087 > > [2] http://www.w3.org/Submission/WS-Policy/ > > >
Received on Monday, 24 July 2006 13:18:59 UTC