W3C home > Mailing lists > Public > public-ws-policy@w3.org > January 2007

RE: NEW ISSUE 4130: Ignorable assertions must be ignored

From: Anthony Nadalin <drsecure@us.ibm.com>
Date: Wed, 10 Jan 2007 21:16:24 -0600
To: Prasad Yendluri <prasad.yendluri@webmethods.com>
Cc: Ashok Malhotra <ashok.malhotra@oracle.com>, Fabian Ritzmann <Fabian.Ritzmann@Sun.COM>, public-ws-policy@w3.org, public-ws-policy-request@w3.org, Sergey Beryozkin <sergey.beryozkin@iona.com>
Message-ID: <OF3C8756B1.882BB3E7-ON86257260.00119F1E-86257260.0011FB43@us.ibm.com>





ahh, but who is the policy consumer, in a case of privacy policy there are
2 consumers, so who decides lax or strict ?

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122


                                                                           
             Prasad Yendluri                                               
             <prasad.yendluri@                                             
             webmethods.com>                                            To 
                                       Anthony Nadalin/Austin/IBM@IBMUS,   
             01/10/2007 01:29          Fabian Ritzmann                     
             PM                        <Fabian.Ritzmann@Sun.COM>           
                                                                        cc 
                                       Ashok Malhotra                      
                                       <ashok.malhotra@oracle.com>,        
                                       Fabian.Ritzmann@Sun.COM,            
                                       public-ws-policy@w3.org,            
                                       public-ws-policy-request@w3.org,    
                                       Sergey Beryozkin                    
                                       <sergey.beryozkin@iona.com>         
                                                                   Subject 
                                       RE: NEW ISSUE 4130: Ignorable       
                                       assertions must be ignored          
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           




It is the policy consumer that decides which, i.e. Strict or Lax matching
to use. So, I think the consumer still has the option to ignore.


From: public-ws-policy-request@w3.org
[mailto:public-ws-policy-request@w3.org] On Behalf Of Anthony Nadalin
Sent: Wednesday, January 10, 2007 11:15 AM
To: Fabian Ritzmann
Cc: Ashok Malhotra; Fabian.Ritzmann@Sun.COM; public-ws-policy@w3.org;
public-ws-policy-request@w3.org; Sergey Beryozkin
Subject: Re: NEW ISSUE 4130: Ignorable assertions must be ignored



I think that this is wrong approach if we want to support "informational"
or "ignorable" assertions.

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
Inactive hide details for Fabian Ritzmann <Fabian.Ritzmann@Sun.COM>Fabian
Ritzmann <Fabian.Ritzmann@Sun.COM>



                                                                           
                         Fab                                               
                         ian                                               
                         Rit                                               
                         zma                                               
                         nn                                             To 
                         <Fa                                               
                         bia         Anthony Nadalin/Austin/IBM@IBMUS      
                         n.R                                               
                         itz                                            cc 
                         man                                               
                         n@S         Sergey Beryozkin                      
                         un.         <sergey.beryozkin@iona.com>, Ashok    
                         COM         Malhotra <ashok.malhotra@oracle.com>, 
                         >           public-ws-policy@w3.org,              
                         Sen         public-ws-policy-request@w3.org       
                         t                                                 
                         by:                                       Subject 
                         Fab                                               
                         ian         Re: NEW ISSUE 4130: Ignorable         
                         .Ri         assertions must be ignored            
                         tzm                                               
                         ann                                               
                         @Su                                               
                         n.C                                               
                         OM                                                
                                                                           
                                                                           
                         01/                                               
                         10/                                               
                         200                                               
                         7                                                 
                         11:                                               
                         32                                                
                         AM                                                
                                                                           





Anthony Nadalin wrote:
>
> So with Lax and Strict what is the usecase for ignorable ? as with Lax
> you can make the choice to ignore the fact there is not an intersection
>

Lax only allows to ignore assertions in intersection if they are marked
as Ignorable. Strict does not look at Ignorable at all and works as the
original intersection algorithm.

Fabian



> Inactive hide details for "Sergey Beryozkin"
> <sergey.beryozkin@iona.com>"Sergey Beryozkin" <sergey.beryozkin@iona.com>
>
>
>                         * "Sergey Beryozkin"
>                         <sergey.beryozkin@iona.com> *
>                         Sent by: public-ws-policy-request@w3.org
>
>                         01/08/2007 12:35 PM
>
>
>
> To
>
> "Ashok Malhotra" <ashok.malhotra@oracle.com>, <public-ws-policy@w3.org>
>
> cc
>
>
> Subject
>
> Re: NEW ISSUE 4130: Ignorable assertions must be ignored
>
>
>
>
> Hi
>
> " - ASSERTIONS THAT THE OTHER PARTY SHOULD NEVER SEE
> Such as logging. These are private to my implementation.
> Glen: Such assertions should be removed prior to intersection and
> never exposed to the other party.
> Ashok: They can be included in the policy and always 'ignore' d. "
>
> S.B. Ashok what you're suggesting is exactly what we were trying to
> pursue with our wsp:local proposal, without success :-). We wanted a
> standard attribute which can be used to mark private assertions (would
> be useful for writing generic tools, etc), furthermore we were
> agreeing that such assertions must be stripped of, but ignored by
> requesteres if leaked (inadvertently or due to some constraints).
> Now that we have wsp:ignorable I don't see a way of getting back...So
> I agree with Glen.
>
> As was noted before, you can now use a lax mode if you want your
> provider assertions be ignored. Otherwise, why to expose assertions
> which need to be always ignored ? Assertions are for requesters.
>
> "
> - ASSERTIONS THAT CANNOT BE MATCHED BY MACHINE
> A: I think these are useful to include in policies for advertising.
> For example, legal or privacy policies. Users cannot match on these
> but will look at them and decide whether to use a particular service
> or not based on their contents.
> These too must be always 'ignore' d during intersection.
> G: Such assertions should not be included in policies but, rather,
> included in some other metadata bucket.
> A: But we have not defined any other metadata buckets. "
>
> S.B. I agree that these are useful to include in policies for
> advertising. Two options :
> * Make these assertions as "ignorable" and use the lax mode to handle
> such policies. This will require a smart requester UI tool which will
> offer users a chance to vote on "ignorable" provider assertions which
> have not been understood during the intersection.
> * As Tom noted, you can use a strict mode too. This will require
> requesteres though to be aware of these assertions in advance.
>
> "- ASSERTIONS THAT THE OTHER PARTY MAY BE ABLE TO MATCH
> G: If he can match the assertions, great! If not, he should be able to
> proceed even if he cannot match. This is the rationale for lax and
> strict matching.
> A: I accept this usecase but that's not what I was thinking of."
>
> So if you agree with Glen here then I'm not qute sure what exactly is
> your scenario...
>
> Thanks, Sergey
>
>
>
>
> Glen Daniels and I had a chat about 'ignorable'.
>
> It turns out, not surprisingly, that we had different usecases in mind
> and different ideas as to how they should be handled.
>
> Here is a summary of our positions. Please respond if you have views on
> them.
>
> Glen, please correct me if I have misrepresented your positions.
>
> - ASSERTIONS THAT THE OTHER PARTY SHOULD NEVER SEE
> Such as logging. These are private to my implementation.
> Glen: Such assertions should be removed prior to intersection and
> never exposed to the other party.
> Ashok: They can be included in the policy and always 'ignore' d.
>
> - ASSERTIONS THAT CANNOT BE MATCHED BY MACHINE
> A: I think these are useful to include in policies for advertising.
> For example, legal or privacy policies. Users cannot match on these
> but will look at them and decide whether to use a particular service
> or not based on their contents.
> These too must be always 'ignore' d during intersection.
> G: Such assertions should not be included in policies but, rather,
> included in some other metadata bucket.
> A: But we have not defined any other metadata buckets.
>
> - ASSERTIONS THAT THE OTHER PARTY MAY BE ABLE TO MATCH
> G: If he can match the assertions, great! If not, he should be able to
> proceed even if he cannot match. This is the rationale for lax and
> strict matching.
> A: I accept this usecase but that's not what I was thinking of.
>
> All the best, Ashok
>
> > -----Original Message-----
> > From: public-ws-policy-request@w3.org
> <mailto:public-ws-policy-request@w3.org> [mailto:public-ws-policy-
> > request@w3.org <mailto:request@w3.org> ] On Behalf Of Ashok Malhotra
> > Sent: Tuesday, January 02, 2007 6:37 AM
> > To: public-ws-policy@w3.org <mailto:public-ws-policy@w3.org>
> > Subject: NEW ISSUE 4130: Ignorable assertions must be ignored
> >
> >
> >
> >
> > Title
> >
> > Ignorable assertion must be ignored
> >
> > Description
> >
> > At the last f2f meeting the WS-Policy WG agreed to add an attribute
> called
> > 'ignorable' to the WS-Policy assertion syntax. We think this is a
> step in
> > the right direction. The WG, however, blunted the effect of this change
> > by
> > allowing the ignorable attribute to be ignored during policy
> intersection
> > by
> > allowing two intersection modes one of which honors the ignorable
> > attribute and the other which ignores it.
> >
> > We argue this creates a problem as the parties attempting to agree on a
> > policy alternative may use different forms of the intersection
algorithm
> > and come up with different solutions. A standard that allows such
> > variation is not very useful.
> >
> > We suggest that the policy intersection algorithm be changed so that
> > assertions marked ignorable are always ignored.
> >
> > Justification
> >
> > See above.
> >
> > Target
> >
> > WS-Policy Framework
> >
> > Proposal
> >
> > 1. In section 4.5 Policy Intersection, add a third bullet after the
> first
> > two bullets that says:
> > o Assertions with ignorable = 'true' are ignored in during policy
> > intersection.
> >
> > 2. Remove the first bullet, including its sub-bullets from the
> second set
> > of 2 bullets.
> >
> > 3. Add an ignorable assertion to the following example.
> >
> >
> >
> >
>


--
Fabian Ritzmann
Sun Microsystems, Inc.
Stella Business Park             Phone +358-9-525 562 96
Lars Sonckin kaari 12            Fax   +358-9-525 562 52
02600 Espoo                      Email Fabian.Ritzmann@Sun.COM
Finland








graycol.gif
(image/gif attachment: graycol.gif)

pic04525.gif
(image/gif attachment: pic04525.gif)

ecblank.gif
(image/gif attachment: ecblank.gif)

18649987.gif
(image/gif attachment: 18649987.gif)

18471636.gif
(image/gif attachment: 18471636.gif)

18964986.gif
(image/gif attachment: 18964986.gif)

image001.gif
(image/gif attachment: image001.gif)

image004.gif
(image/gif attachment: image004.gif)

image005.gif
(image/gif attachment: image005.gif)

Received on Thursday, 11 January 2007 03:34:36 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:20:45 GMT