
RE: NEW ISSUE 3753: Example 1-1 is not a complete security policy

From: Daniel Roth <Daniel.Roth@microsoft.com>
Date: Mon, 25 Sep 2006 15:29:42 -0700
To: Anthony Nadalin <drsecure@us.ibm.com>, Fabian Ritzmann <Fabian.Ritzmann@Sun.COM>
CC: "public-ws-policy@w3.org" <public-ws-policy@w3.org>, "public-ws-policy-request@w3.org" <public-ws-policy-request@w3.org>
Message-ID: <E2903CF1E4B5B144B559237FDFB291CE0B450FD4@NA-EXMSG-C117.redmond.corp.microsoft.com>
This looks good to me.  I suggested we assign this one over to the editors.

Daniel Roth

________________________________
From: public-ws-policy-request@w3.org [mailto:public-ws-policy-request@w3.org] On Behalf Of Anthony Nadalin
Sent: Wednesday, September 20, 2006 1:12 AM
To: Fabian Ritzmann
Cc: public-ws-policy@w3.org; public-ws-policy-request@w3.org
Subject: Re: NEW ISSUE 3753: Example 1-1 is not a complete security policy


Instead of changing the wording, I suggest using the following example:

(01) <wsp:Policy
        xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
        xmlns:wsp="http://www.w3.org/@@@@/@@/policy" >
(02)   <wsp:ExactlyOne>
(03)     <wsp:All>
(04)       <sp:SignedParts>
             <sp:Body />
           </sp:SignedParts>
(05)     </wsp:All>
(06)     <wsp:All>
(07)       <sp:EncryptedParts>
             <sp:Body />
           </sp:EncryptedParts>
(08)     </wsp:All>
(09)   </wsp:ExactlyOne>
(10) </wsp:Policy>


Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
From: Fabian Ritzmann <Fabian.Ritzmann@Sun.COM>
Sent by: public-ws-policy-request@w3.org
Date: 09/19/2006 10:08 AM
To: public-ws-policy@w3.org
Subject: NEW ISSUE 3753: Example 1-1 is not a complete security policy

http://www.w3.org/Bugs/Public/show_bug.cgi?id=3753

Title

Example 1-1 is not a complete security policy


Description

Example 1-1 shows a simple policy with two security policy assertions in
lines 03 and 04. According to WS-SecurityPolicy 1.2, section 7.1, these
security policy assertions must be encapsulated by a policy that is
nested inside an AlgorithmSuite assertion. The enclosing AlgorithmSuite
assertions as well as suitable top-level assertions containing the
AlgorithmSuite assertions are missing from example 1-1.

The examples in the following chapters build on this first example.
Despite extensive research we did not find a policy that is sufficiently
simple, can serve as a basis for the other examples, and still is a
valid policy. We should still point out that the example given is an
incomplete policy that only serves to illustrate what a policy could look
like.


Justification

An example of a policy that claims to display a security policy but in
fact violates the constraints of WS-SecurityPolicy causes unnecessary
confusion among readers of both specifications.


Target

Web Services Policy Framework, section 1.2, example 1-1


Proposal

Replace "The following example illustrates a security policy expression
using assertions defined in WS-SecurityPolicy [WS-SecurityPolicy]:"

by "The following example illustrates a security policy expression using
assertions defined in WS-SecurityPolicy [WS-SecurityPolicy] rather than
a complete security policy:"






Received on Monday, 25 September 2006 22:32:08 GMT
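
Added example, not part of the thread or of either specification: a Python sketch that expands the wsp:Policy, wsp:All and wsp:ExactlyOne operators of the example proposed above into its alternatives and reports, for each one, whether signing or encrypting the Body is left out. It goes beyond the posted case by handling arbitrary nesting of the three operators. Assumptions: every other element is treated as an opaque assertion, the wsp:Optional attribute and nested policies are not handled, and `BOTH` is a constructed contrast case.

```python
import xml.etree.ElementTree as ET
from itertools import product

WSP = "http://www.w3.org/@@@@/@@/policy"  # draft placeholder namespace, as posted
SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"

# The proposed example from the message, line numbers removed.
PROPOSED = f"""
<wsp:Policy xmlns:sp="{SP}" xmlns:wsp="{WSP}">
  <wsp:ExactlyOne>
    <wsp:All><sp:SignedParts><sp:Body/></sp:SignedParts></wsp:All>
    <wsp:All><sp:EncryptedParts><sp:Body/></sp:EncryptedParts></wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>"""

# Constructed contrast case: both assertions directly under wsp:Policy.
BOTH = f"""
<wsp:Policy xmlns:sp="{SP}" xmlns:wsp="{WSP}">
  <sp:SignedParts><sp:Body/></sp:SignedParts>
  <sp:EncryptedParts><sp:Body/></sp:EncryptedParts>
</wsp:Policy>"""

def alternatives(node):
    """Expand operators into a list of alternatives (lists of assertion elements)."""
    if node.tag == f"{{{WSP}}}ExactlyOne":   # choice: union of the children's alternatives
        return [alt for child in node for alt in alternatives(child)]
    if node.tag in (f"{{{WSP}}}Policy", f"{{{WSP}}}All"):  # conjunction: cross product
        return [sum(combo, []) for combo in product(*(alternatives(c) for c in node))]
    return [[node]]                          # any other element is an opaque assertion

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def describe(policy_xml):
    """Per alternative: {assertion name: [message parts it names]}."""
    root = ET.fromstring(policy_xml)
    return [{local(a.tag): [local(p.tag) for p in a] for a in alt}
            for alt in alternatives(root)]

def body_gaps(policy_xml):
    """Per alternative: which of signing/encrypting the Body it does NOT require."""
    need = ("SignedParts", "EncryptedParts")
    return [[n for n in need if "Body" not in alt.get(n, [])]
            for alt in describe(policy_xml)]

if __name__ == "__main__":
    for i, (alt, gap) in enumerate(zip(describe(PROPOSED), body_gaps(PROPOSED)), 1):
        print(f"alternative {i}: requires {alt}; not required: {gap}")
```

For the proposed example, every alternative leaves one of the two protections unrequired, so a party that needs the Body both signed and encrypted cannot get that from this policy alone.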
