RE: RE: RE: NEW ISSUE (3639) Which policy alternative was selected? from Yalcinalp, Umit on 2006-10-04 (public-ws-policy@w3.org from October 2006)

From: Yalcinalp, Umit <umit.yalcinalp@sap.com>
Date: Wed, 4 Oct 2006 13:34:35 -0700
To: "Daniel Roth" <Daniel.Roth@microsoft.com>, "Fabian Ritzmann" <Fabian.Ritzmann@Sun.COM>, <public-ws-policy@w3.org>
Message-ID: <2BA6015847F82645A9BB31C7F9D64165024DE339@uspale20.pal.sap.corp>
 

> -----Original Message-----
> From: public-ws-policy-request@w3.org 
> [mailto:public-ws-policy-request@w3.org] On Behalf Of Daniel Roth
> Sent: Wednesday, Oct 04, 2006 11:43 AM
> To: Yalcinalp, Umit; Fabian Ritzmann; public-ws-policy@w3.org
> Subject: RE: RE: RE: NEW ISSUE (3639) Which policy 
> alternative was selected?
> 
> 
> > a logical endpoint which would normally have multiple 
> alternatives will
> > essentially get deployed to multiple endpoints with a 
> single alternative
> > assigned to each
> 
> You can still have multiple alternatives for a given 
> endpoint.  Those alternatives just need to be unambiguous.  
> For example, you can use a transaction header to figure out 
> if you are using an alternative that requires transactions.

Yes, you are right. I should have qualified the description. I should
have said that the alternatives are expressed in different endpoints if
the messages are not self describing to ensure that ambiguity does not
arise. 
 
> 
> Daniel Roth

--umit

> 
> -----Original Message-----
> From: public-ws-policy-request@w3.org 
> [mailto:public-ws-policy-request@w3.org] On Behalf Of Yalcinalp, Umit
> Sent: Wednesday, October 04, 2006 11:40 AM
> To: Daniel Roth; Fabian Ritzmann; public-ws-policy@w3.org
> Subject: RE: RE: NEW ISSUE (3639) Which policy alternative 
> was selected?
> 
> 
> More specifically, there are two choices:
> 
> (a) Remove essentially the alternatives to exist. Assign a different
> alternative to a different endpoint. So, a logical endpoint 
> which would
> normally have multiple  alternatives will essentially get deployed to
> multiple endpoints with a single alternative assigned to each. In
> essence, there is no alternative to disambiquate because the 
> presence of
> alternatives are removed.
> 
> This is disambiguation by deployment not by runtime.
> 
> (b) Additional protocol headers geared specific to WS-Policy assertion
> selection are added (SOAP, etc.) so that in a message exchange these
> additional headers disambiquate clearly which alternate is in effect.
> 
> This is disambiguation by runtime.
> 
> 
> There is no standard protocol headers(or I should say publicized
> protocol) that handles (b).
> 
> --umit
> 
> 
> 
> > -----Original Message-----
> > From: public-ws-policy-request@w3.org
> > [mailto:public-ws-policy-request@w3.org] On Behalf Of Daniel Roth
> > Sent: Wednesday, Oct 04, 2006 10:43 AM
> > To: Fabian Ritzmann; public-ws-policy@w3.org
> > Subject: RE: RE: NEW ISSUE (3639) Which policy alternative
> > was selected?
> >
> >
> > Resending.
> >
> > Daniel Roth
> > -----Original Message-----
> > From: public-ws-policy-request@w3.org
> > [mailto:public-ws-policy-request@w3.org] On Behalf Of Daniel Roth
> > Sent: Thursday, September 28, 2006 8:54 AM
> > To: Fabian Ritzmann; public-ws-policy@w3.org
> > Subject: RE: NEW ISSUE (3639) Which policy alternative was selected?
> >
> >
> > Hi Fabian,
> >
> > Thanks for posting your example.
> >
> > This is just another example of what we already discussed at
> > the F2F.  The policy combinators (All, ExactlyOne) are very
> > powerful and it is very easy to construct policies that have
> > no reasonable implementation.  When you use multiple policy
> > alternatives it may be ambiguous which policy alternative has
> > been applied.
> >
> > There are multiple ways of disambiguating which policy
> > alternative is being used.  Publishing multiple endpoints is
> > one way (this is how we do it in WCF).  Another way is to add
> > another protocol to signal the selected alternative.  What
> > technique you use is implementation specific.
> >
> > Daniel Roth
> >
> > -----Original Message-----
> > From: public-ws-policy-request@w3.org
> > [mailto:public-ws-policy-request@w3.org] On Behalf Of 
> Fabian Ritzmann
> > Sent: Wednesday, September 27, 2006 4:33 AM
> > To: public-ws-policy@w3.org
> > Subject: Re: NEW ISSUE (3639) Which policy alternative was selected?
> >
> > Here are security policy samples where the applicable policy
> > alternative
> > can not be reliably determined from an incoming message. 
> The WSDL with
> > the policies is attached. This is in response to action 
> item 115 that
> > was assigned to Monica Martin.
> >
> > For an incoming message the security layer infers the 
> policy from the
> > message. The inferred policy will then be compared against 
> the list of
> > available alternatives. A simple example, which attempts to show
> > ambiguity in the policy to be selected.
> >
> > In the attached example , we have a policy alternative at 
> the binding
> > level. Everything is the same except one assertion WSS10 and
> > WSS11.  If
> > RequireSignatureConfirmation element under WSS11 assertion 
> is set then
> > SignatureConfirmation element must be sent back to the 
> client. If the
> > server happen to select the alternative which has WSS10 and 
> Client had
> > selected alternative with WSS11 assertion it be an error as 
> the client
> > would expect SignatureConfirmation element in the response
> > from the server.
> >
> > Fabian
> >
> >
> >
> >
> 
> 
>
Received on Wednesday, 4 October 2006 20:29:53 UTC