
Re: NEW ISSUE (3639) Which policy alternative was selected?

From: Fabian Ritzmann <Fabian.Ritzmann@Sun.COM>
Date: Wed, 27 Sep 2006 14:32:41 +0300
To: "public-ws-policy@w3.org" <public-ws-policy@w3.org>
Message-id: <451A6159.2070906@Sun.COM>
Here are security policy samples where the applicable policy alternative 
cannot be reliably determined from an incoming message. The WSDL with 
the policies is attached. This is in response to action item 115 that 
was assigned to Monica Martin.

For an incoming message, the security layer infers the policy from the 
message. The inferred policy will then be compared against the list of 
available alternatives. A simple example follows, which attempts to show 
ambiguity in the policy to be selected.

In the attached example, we have a policy alternative at the binding 
level. Everything is the same except one assertion, WSS10 and WSS11. If 
the RequireSignatureConfirmation element under the WSS11 assertion is set, 
then a SignatureConfirmation element must be sent back to the client. If the 
server happens to select the alternative which has WSS10 and the client had 
selected the alternative with the WSS11 assertion, it would be an error, as 
the client would expect a SignatureConfirmation element in the response from 
the server.

Fabian



Received on Wednesday, 27 September 2006 11:32:47 GMT
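
The ambiguity described in the message above, as an added example that is not part of the original post or its attached WSDL. The policy below is constructed and simplified, and the `REQUEST_VISIBLE` set and all function names are assumptions made for illustration, following the message's premise that the WSS10/WSS11 choice cannot be inferred from the request.

```python
import xml.etree.ElementTree as ET

WSP = "http://www.w3.org/ns/ws-policy"
SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"

# Constructed policy (not the attached WSDL): two alternatives that differ
# only in the Wss10 / Wss11 assertion.
POLICY = f"""
<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SignedParts><sp:Body/></sp:SignedParts>
      <sp:Wss10/>
    </wsp:All>
    <wsp:All>
      <sp:SignedParts><sp:Body/></sp:SignedParts>
      <sp:Wss11><wsp:Policy><sp:RequireSignatureConfirmation/></wsp:Policy></sp:Wss11>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
"""

# Assumption: the only assertions whose effect a receiver can observe in the
# request itself. Wss10/Wss11 is deliberately absent, per the message.
REQUEST_VISIBLE = {"SignedParts"}

def local(el):
    """Strip the '{namespace}' prefix from an element tag."""
    return el.tag.split("}", 1)[1]

def alternatives(policy_xml):
    """Return one dict per wsp:All alternative under the top-level wsp:ExactlyOne."""
    root = ET.fromstring(policy_xml)
    alts = []
    for all_el in root.findall(f"{{{WSP}}}ExactlyOne/{{{WSP}}}All"):
        confirm = all_el.find(f".//{{{SP}}}RequireSignatureConfirmation") is not None
        alts.append({"assertions": {local(a) for a in all_el}, "confirm": confirm})
    return alts

def candidates(alts, inferred):
    """Indices of alternatives consistent with what was inferred from the request."""
    return [i for i, a in enumerate(alts)
            if a["assertions"] & REQUEST_VISIBLE == inferred]

def response_mismatch(alts, server_pick, client_pick):
    """True when the client expects SignatureConfirmation but the server's
    chosen alternative does not require sending it."""
    return alts[client_pick]["confirm"] and not alts[server_pick]["confirm"]
```

More than one index returned by `candidates` means the receiver cannot tell which alternative the sender applied; `response_mismatch` flags the case where that guess leads to the missing SignatureConfirmation the message describes.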
