RE: ACTION-48 update

I meant that an audit/diagnostic policy may describe a requirement on an entity (web service provider, for example) without a second party (requester) involved.

Thanks,
Yakov

-----Original Message-----
From: Asir Vedamuthu [mailto:asirveda@microsoft.com] 
Sent: Wednesday, October 18, 2006 10:08 AM
To: Sverdlov, Yakov; Maryann Hondo; public-ws-policy@w3.org
Subject: RE: ACTION-48 update

> It may just specify a particular requirement on an entity without any interaction involved

I can't think of a reason why capabilities and requirements are expressed as policies if there isn't any interaction.

Regards,
 
Asir S Vedamuthu
Microsoft Corporation



From: public-ws-policy-request@w3.org [mailto:public-ws-policy-request@w3.org] On Behalf Of Sverdlov, Yakov
Sent: Wednesday, October 11, 2006 4:48 AM
To: Maryann Hondo; public-ws-policy@w3.org
Subject: RE: ACTION-48 update

"Applied to a Web services based system, policy is used to convey conditions on the interaction between two Web service endpoints"

In general, I think the proposed text for the first paragraph in section 3.4, is better than the current text. The only (minor) concern I have is that the proposed text looks too restrictive. A policy may not necessarily be used "to convey conditions on the interaction..." It may just specify a particular requirement on an entity without any interaction involved - let's say "log something every 30 seconds".

I would consider changing the proposed text from "policy is used to convey conditions on the interaction..." to "policy may be used to convey conditions on the interaction..."

Regards,

Yakov Sverdlov
CA


________________________________________
From: public-ws-policy-request@w3.org [mailto:public-ws-policy-request@w3.org] On Behalf Of Maryann Hondo
Sent: Tuesday, October 10, 2006 6:57 PM
To: public-ws-policy@w3.org
Subject: ACTION-48 update



In summary, we propose a  resolution for ACTION-48 (related to http://www.w3.org/Bugs/Public/show_bug.cgi?id=3705): 
============================================================================================= 
Title: Clarify what an interaction represents in a Web services based system and provide guidance that assertion authors must define the interaction scope of an assertion 
 
Description: Section 3.4 in the WS-Policy Framework spec currently contains the following text [1]: 
 
Applied in the Web services based system, policy is used to convey conditions on an interaction between entities (requester application, provider service, Web infrastructure component, etc). Any entity in a Web services based system may expose a policy to convey conditions under which it functions. Satisfying assertions in the policy usually results in behavior that reflects these conditions. For example, if two entities - requester and provider - expose their policies, a requester might use the policy of the provider to decide whether or not to use the service. A requester may choose any alternative since each is a valid configuration for interaction with the service, but a requester MUST choose only a single alternative for an interaction with a service since each represents an alternative configuration. 
 
This text does not clearly define what an "interaction between entities" in a Web services based system is. 
-------------- 

Also, policy assertion authors need to define the scope of the interactions that an assertion applies to, including the policy subjects to which the assertion may be attached and the messages within the interaction scope.   This guidance should be in the Guidance for Policy Assertion Authors doc. 

Description: Section 2.1.1 in the Policy Assertions Guidelines document contains the following text: 

WS-Policy Domain authors must also specify how to associate the assertions they have defined with the policy subjects identified by the WS-Policy attachment specification. An example of this is also provided by the WS-Security Policy specification in Appendix A. 

Justification: 
 
It is not clear from the current text that an interaction between entities involves one or more messages between two entities.   
 
We need to make sure that we provide guidance to policy assertion authors on how to clearly define their assertions.   
 
Proposal: 
 
New text for the first paragraph in section 3.4 of the WS-Policy spec: 

3.4 Policies of Entities in a Web Services Based System 
Applied to a Web services based system, policy is used to convey conditions on  the interaction between two Web service endpoints.  An interaction involves one or more message exchanges between two entities(requester application, provider service, Web infrastructure component, etc). It is the responsiblity of assertion authors to define the interaction scope of an assertion including any constraints on the policy subjects to which the assertion may be attached and a clear specification of the message(s) within that interaction scope to which the assertion applies. 

Any entity in a Web services based system may expose a policy to convey conditions under which it functions. Satisfying assertions in the policy usually results in behavior that reflects these conditions. For example, if two entities - requester and provider - expose their policies, a requester might use the policy of the provider to decide whether or not to use the service. A requester may choose any alternative since each is a valid configuration for interaction with the service, but a requester MUST choose only a single alternative for an interaction with a service since each represents an alternative configuration. 

New text for the Guidelines Document:
An important part of defining assertions is documenting the interaction scope of the assertions. There are several attachment mechanisms defined in the WS-PolicyAttachement specification and assertion authors are responsible for defining assertions and their policy subjects.  An example of how this might be accomplished can be seen in the WS-Security Policy specification Appendix A.  In this section the WS-SecurityPolicy authors have classified the assertions according to their suggested scope. 

Received on Wednesday, 18 October 2006 15:06:11 UTC