RE: Simplifying the meaning of assertions and wsp:optional from Yalcinalp, Umit on 2006-10-02 (public-ws-policy@w3.org from October 2006)

From: Yalcinalp, Umit <umit.yalcinalp@sap.com>
Date: Sun, 1 Oct 2006 17:37:23 -0700
To: "Sergey Beryozkin" <sergey.beryozkin@iona.com>, <public-ws-policy@w3.org>
Message-ID: <2BA6015847F82645A9BB31C7F9D6416502417EEC@uspale20.pal.sap.corp>
A Big -1 to dropping Optionality. It is completely backwards
incompatible with the current practice and existing assertions. Our
charter indicates that we should retain backwards compatibility as a
goal. 
 
Explaination of what it is should not require us to drop the
functionality. 
 
I will write more about some wording suggestings in a different email.  
 
--umit
 


________________________________

	From: public-ws-policy-request@w3.org
[mailto:public-ws-policy-request@w3.org] On Behalf Of Sergey Beryozkin
	Sent: Friday, Sep 29, 2006 9:05 AM
	To: public-ws-policy@w3.org
	Subject: Simplifying the meaning of assertions and wsp:optional 
	
	
	Hi there
	 
	After reading and reflecting on a lot of interesting messages on
what wsp:optional means, on what is the differences between requirements
and capabilities are and what provideres and requestors should do about
various types of assertions, I'd like to offer to your attention a
modest proposal on simplifying the way assertions and wsp:optional are
covered in the WS-Policy Framework and primer/policy guidelines. This is
all really based on what I've learnt form the others while reading those
emails and from the spec... 
	 
	The following is how (in a simplistic way) we might want to talk
about assertions and wsp:optional.
	 
	1. Any policy assertion, either marked as optional or not, is
first and foremost is a requirement. It's a requirement to a requester
to understand it and do something about it. What is it that a requester
should do is part of a policy assertion documentation/spec. 
	In many cases a requirement would require a requester to make a
commitment to engage in some kind of activity (direct or out-of-band)
during the interaction.
	Alternatively, a requirement can simply be "to understand it and
use it for choosing a given provider among other providers". In a sense,
a requester should do nothing here but use it during the selection
process, and this in itself encapsulates a requirement : an ability to
use it during the selction process.
	 
	Requirement is a capability and should be used interchangeably.
It's a capability because it is something a provider knows about and can
do something about. It's a requirement because a client needs to do
something about it (engaing in a behavior, using for selction, etc )
	 
	2. Assertion may or may not be optional. This *only* means that
a requester is given an option to ignore a given requirement. No
assertion can be ignored by a provider. Provider is guaranteed to
support all assertions. Optionality is something which is only for a
requester to worry about.
	 
	3. Assertions must be understood by both parties. Spec says
about it already, but it's worth highlighting it.
	 
	Given above 3 points, we can state that an assertion like
sp:HttpsToken and oasis:replyInTenSecs are equal WS-Policy citizens
because in both cases there's something a client can do about them. In
the former case
	a client will understand that it needs to use HTTPs in order to
be able to talk a provider. In the latter case a client will understand
that a service is very responsive and might use this fact as a basis for
choosing this provider among others.
	 
	Now about wsp:optional (based on above 3 points).
	 
	Two options are proposed :
	Option1. Retain wsp:optional but explain that wsp:optional is
just a syntactic shortcut to nominate a requirement as being optional
for a requester to understand/do anything about. As well captured
elsewhere, at the moment an optional "capability" in a compact form
suddenly becomes a requirement in a normal form. This is confusing.
wsp:optional is a way to nominate an optional requirement. 
	 
	Option2. (Preferred) Drop wsp:optional altogether. Why ? Because
IMHO it doesn't bring anything useful but the complexity. It makes it
more complex for a policy engine to convert a policy alternative from a
compact form to a normal one, and for policy authors to understand how
to work with it and when it's appropriate to use it. 
	Lets explain clearly that for a given assertion/requirement be
optional it should be avalable in one alternative and not in the other
one and this is all... It will add a bt more work for a policy author,
but IMHO not a lot.
	 
	Finally :
	 
	Point 2 above refers to oasis:replyIn10Secs assertion. A client
can not really do  something about it as far as the interaction is
concerned, but it still can do something about it : use it to select a
provider, for ex. For such assertions not to interfere with those
policy-aware clients which are not aware of what oasis:replyIn10Secs
means and which may or may not have some priory polic requirements, we
should recommend that when possible, policy authors should attempt to
give an option to ignore such assertions by using policy alternatives as
appropriate. Note no 'optional' qualifier is used here :-)
	 
	So that's it... Does it make it a bit simplier ? Criticize away
please :-)
	 
	 
	Cheers, 
	Sergey Beryozkin
	Iona Technologies
Received on Monday, 2 October 2006 00:32:45 UTC