RE: New Issue 3793: Add example about policies in the context of relationships between multiple entities

From: Sverdlov, Yakov <Yakov.Sverdlov@ca.com>
Date: Wed, 4 Oct 2006 11:19:57 -0400
Message-ID: <ACE36C31EA815A4CBA7EBECA186C0D41CBC1E8@USILMS13.ca.com>
To: "Paul Cotton" <Paul.Cotton@microsoft.com>, "Anthony Nadalin" <drsecure@us.ibm.com>
Cc: <public-ws-policy@w3.org>, <public-ws-policy-request@w3.org>
I agree that it would be very beneficial to describe some scenarios from
the WS-SX interop draft or, at least, to reference the interop doc in
the Primer. The main reason I created the fictitious and abbreviated
assertions was to illustrate how to handle the "requester versus
provider" and "requirements versus capabilities" issues. I could not
find a comparable (and short) example in the section 4. Client and
Service Security Bindings. I totally missed the version 08 of the
interop.

 

Regards,

 

Yakov Sverdlov

CA

________________________________

From: Paul Cotton [mailto:Paul.Cotton@microsoft.com] 
Sent: Wednesday, October 04, 2006 10:45 AM
To: Anthony Nadalin; Sverdlov, Yakov
Cc: public-ws-policy@w3.org; public-ws-policy-request@w3.org
Subject: RE: New Issue 3793: Add example about policies in the context
of relationships between multiple entities

 

The scenarios document that Tony's referring to is attached to the OASIS
WS-SX message at [1].

 

/paulc

 

[1] http://lists.oasis-open.org/archives/ws-sx/200609/msg00051.html 

 

Paul Cotton, Microsoft Canada
17 Eleanor Drive, Ottawa, Ontario K2E 6A3
Tel: (613) 225-5445 Fax: (425) 936-7329
mailto:Paul.Cotton@microsoft.com




________________________________

From: public-ws-policy-request@w3.org
[mailto:public-ws-policy-request@w3.org] On Behalf Of Anthony Nadalin
Sent: October 4, 2006 9:44 AM
To: Sverdlov, Yakov
Cc: public-ws-policy@w3.org; public-ws-policy-request@w3.org
Subject: Re: New Issue 3793: Add example about policies in the context
of relationships between multiple entities

 

So I have a better idea (or at least a different idea), we (the WSSX TC)
have now a draft of a scenarios document that describes our interop
scenarios and this is now annotated with WS-SecurityPolicy assertions, I
suggest that we take those scenarios.

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122

________________________________

From: "Sverdlov, Yakov" <Yakov.Sverdlov@ca.com>
Sent by: public-ws-policy-request@w3.org
Sent: 10/04/2006 08:27 AM
To: <public-ws-policy@w3.org>
Subject: New Issue 3793: Add example about policies in the context of
relationships between multiple entities

I wanted to send this proposal before today's optionality tar ball
so as to provide additional context. The purpose of the proposal is to
add an example in the Primer (probably in the section 2.5 Combining
Policy Assertions or 3.3 Policy Data Model) about dealing with
requirements and capabilities of entities as [optional] behaviors in the
most basic use case for requester and provider. I am suggesting the
outline of the use case. I can come up with the actual text if the WG
will agree with the approach. 

The example may describe policy design for the WS-Security token
authentication scheme when only two entities - requester and provider -
are involved. The following four policy assertions with respect to the
corresponding entities may be considered:
1. "The provider only accepts WS-Security tokens as means of the
authentication"
2. "The provider may accept WS-Security tokens as means of the
authentication" (optional="true")
3. "The requester must attach the WS-Security token to a message"
4. "The requester may attach the WS-Security token to a message"
(optional="true")

I think that briefly describing some combinations of one or more
assertions above will provide policy designers with a good understanding
of policy assertion choices and possible policy enforcement
implications. The example would also show that typically any policy
assertion should deal with one entity at a time, and that combinations
of assertions (behaviors) would allow the designers to cover
relationships/dependencies between entities.

Regards,

Yakov Sverdlov
CA





Received on Wednesday, 4 October 2006 15:20:10 GMT
