W3C home > Mailing lists > Public > public-ws-policy@w3.org > July 2006

Re: NEW ISSUE: Normalization should make empty nested policy elements equivalent to policy statements without nested policy element

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Mon, 24 Jul 2006 09:17:44 -0400
Message-Id: <A08C53CA-8597-4B1D-8696-F7B4E655DC7F@nokia.com>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, <public-ws-policy@w3.org>
To: ext Asir Vedamuthu <asirveda@microsoft.com>

To summarize what you said,

If an assertion is allowed to have nested policy, then it MUST have a  
wsp:Policy child, always. I think this should be stated more clearly.

Thus the edge case should never occur, since the version without the  
wsp:Policy child would be in error.

regards, Frederick

Frederick Hirsch
Nokia


On Jul 23, 2006, at 11:15 PM, ext Asir Vedamuthu wrote:

> Hi Frederick,
>
>> An empty policy element should be
>> removed upon normalization
>
> If an assertion description allows a nested policy expression and the
> provider decides not to qualify this assertion with nested policy
> assertions, the assertion MUST include an empty Policy element [1].
>
>> <assertion /> and <assertion><policy /></assertion>
>> should mean
>
> This is a theoretical edge case. I am not aware of a case where an
> assertion description prescribes a nested policy expression and  
> does not
> require a provider/requestor to use the nested policy expression.
>
> [1]
> http://dev.w3.org/cvsweb/~checkout~/2006/ws/policy/ws-policy- 
> framework.h
> tml?content-type=text/html;%20charset=utf-8#Policy_Assertion_Nesting
>
> Regards,
>
> Asir S Vedamuthu
> Microsoft Corporation
>
> -----Original Message-----
> From: public-ws-policy-request@w3.org
> [mailto:public-ws-policy-request@w3.org] On Behalf Of Frederick Hirsch
> Sent: Tuesday, July 11, 2006 9:26 AM
> To: public-ws-policy@w3.org
> Cc: Frederick Hirsch
> Subject: NEW ISSUE: Normalization should make empty nested policy
> elements equivalent to policy statements without nested policy element
>
>
> Title - Normalization should make empty nested policy elements
> equivalent to policy statements without nested policy element
>
> Description - An empty policy element should be removed upon
> normalization
>
> Justification - Need to define additional normalization step to
> enable interoperability.
>
> I initially raised this issue in WS-SX (Security Policy) [1], but it
> should be addressed in WS-Policy.
>
> The WS-SecurityPolicy spec states (at line 372) "An assertion with an
> empty nested policy does not intersect with the same assertion
> without nested policy."
>
> Since both mean exactly the same thing, this opens a possibility for
> policy interop issues.
>
> <assertion /> and <assertion><policy /></assertion> should mean the
> same thing. An engine should treat them as equal, and the
> normalization process should account for this.
>
> Target - WS-Policy Framework [2]
>
> Proposal - add new section to 4.3, "Nested Policy Normalization",
> with following as the text in the section:
>
> "Any nested policy element of the form <assertion><wsp:Policy /></
> assertion> will be normalized by removing the policy element,
> producing <assertion /> as the normal form. An empty policy element
> SHOULD NOT have attributes but if it does, they will be ignored and
> the element removed."
>
> Test Case -
>
> The intersection of the following two policy expressions should match
> as true:
>
>   <wsp:Policy
>    xmlns:test="http://www.example.com/example"
>    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" >
>    <test:SimpleAssertion />
>   </wsp:Policy>
>
> <wsp:Policy
>    xmlns:test="http://www.example.com/example"
>    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" >
>    <test:SimpleAssertion><wsp:Policy /></test:SimpleAssertion>
>   </wsp:Policy>
>
> regards, Frederick
>
> Frederick Hirsch
> Nokia
>
> [1] Related Work, WS-SX Issue 87, http://docs.oasis-open.org/ws-sx/
> issues/Issues.xml#i087
>
> [2] http://www.w3.org/Submission/WS-Policy/
>
>
>
Received on Monday, 24 July 2006 13:18:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:20:40 GMT