W3C home > Mailing lists > Public > public-ws-policy@w3.org > March 2007

Re: [ws-rx] I just posted a PR comment on MakeConnection Policy assertion

From: Doug Davis <dug@us.ibm.com>
Date: Wed, 28 Feb 2007 19:28:25 -0500
To: tom@coastin.com
Cc: Gilbert Pilz <Gilbert.Pilz@bea.com>, public-ws-addressing@w3.org, ws policy <public-ws-policy@w3.org>, public-ws-policy-request@w3.org, tom@coastin.com, wsrx <ws-rx@lists.oasis-open.org>
Message-ID: <OFD86FF220.F67B31E2-ON85257291.0001EDBE-85257291.00029945@us.ibm.com>
Tom,
What does it mean if neither wsam:Anon nor wsam:nonAnon appear under a 
wsam:Addressing element?
In your proposal you say the absence of wsam:Anon means it Anon can't be 
used.
In your proposal you say the absence of wsam:nonAnon means Anon must be 
used.
So we have contradictory statements when neither appear, no?

thanks
-Doug
______________________________________________________
STSM  |  Web Services Architect  |  IBM Software Group
(919) 254-6905  |  IBM T/L 444-6905  |  dug@us.ibm.com



Tom Rutt <tom@coastin.com> 
Sent by: public-ws-policy-request@w3.org
02/28/2007 07:18 PM
Please respond to
tom@coastin.com


To
Gilbert Pilz <Gilbert.Pilz@bea.com>
cc
tom@coastin.com, wsrx <ws-rx@lists.oasis-open.org>, 
public-ws-addressing@w3.org, ws policy <public-ws-policy@w3.org>
Subject
Re: [ws-rx] I just posted a PR comment on MakeConnection Policy assertion







I put an example policy which has three alternatives

These cover the CR33 is in my opinion.

The following example shows an equivalent policy expression, assuming 
proposed
alternative A (wsa:NonAnonymous defined as any URI value other than 
wsa:Anonymous) is selected.  This requires use of MakeConnection to be 
treated as a special case of wsam:nonAnonymous reply.



<wsp:Policy>  <-- Policy expression for proposed alternative a) -->
..<wsp:ExactlyOne>

....<wsp:All>
......<wsam:Addressing>
........<wsp:Policy>
..........<wsp:ExactlyOne>
..........<!-- anon or non-anon responses required-->
............<wsp:All>
..............<wsam:AnonymousResponses/>
............</wsp:All>
............<wsp:All>
...............<wsam:NonanonymousResponses/>
............</wsp:All>
..........</wsp:ExactlyOne>
........</wsp:Policy>
......</wsam:Addressing>
......<!--  wsmc:MakeConnection is not asserted as part of this all, 
thus no statement on its use in this alternative --.>
....</wsp:All>


....<! Addressing required, only use makeConnection for reply -->
....<wsp:All>
......<wsam:Addressing>
........<wsp:Policy>
..........<wsp:ExactlyOne>
..........<!-- non-anon responses required-->
............<wsp:All>
...............<wsam:NonanonymousResponses/>
............<wsp:All>
..........</wsp:ExactlyOne>
........</wsp:Policy>
......</wsam:Addressing>
......<wsmc:MakeConnection/>
....</wsp:All>
..</wsp:ExactlyOne>
</wsp:Policy>



Tom Rutt wrote:
> Comments below
>
> Tom Rutt
>
> Gilbert Pilz wrote:
>> This discussion really belongs in WS-Addr so I've cross-posted . . .
>>
>> I'm very uncomfortable with the idea that the non-presence of the
>> wsam:NonAnonymousResponses implies that non-anonymous reply addresses 
>> are
>> not supported. Doesn't this just re-open the festering wound of CR33?
>>
>> Both the wsam:AnonymousResponses and wsmc:MCResponses assertions 
>> refer to
>> the use of fairly specific URIs, but wsam:NonAnonymousResponses 
>> refers to
>> the use of *any* URI other than
>> "http://www.w3.org/2005/08/addressing/anonymous". To say that the 
>> absence of
>> wsam:NonAnonymousResponses implies its negation is to say that *only*
>> wsa:Anon is supported (thus ruling out things like the wsmc:Anon URI).
>> Didn't we spend months figuring out that this wouldn't work?
>> 
> Since these two policy assetions are nested in Addressing asssertion, 
> any policy maker
> who includes the addressing assertion is aware of the semantics of its 
> two nested policy assertion types.
>
> That policy maker can construct a policy expression which contains 
> enough alternatives to
> cover all the response mechanisms it wants to use with that endpoint.
> Anyway, lets assume we take out the text about "non presence means 
> prohibition".  if someone puts int "AnonymousResponses" nested 
> assertion in an addressing assertion and it is a requirement, that is 
> saying that other type of responses cannot be used (since anonymous is 
> required for instances of responses).  Thus to allow use of non 
> anonymous responses and anonymous responses would require two 
> alternative in the policy expression.
>
> If we have to deal with alternatives anyway to espress the necessary 
> semantics of replies in a policy expression, I do not see the problem 
> of having "non Presence" of the NonAnonymousResponses
> nested assertion in any alternative involving addressing assetion 
> implying non-anonymous is prohibited.  Just add another alternative 
> which includes the nested assertion you want.
>
>
> Tom Rutt
>> - gp
>>
>> 
>>> -----Original Message-----
>>> From: Tom Rutt [mailto:tom@coastin.com] Sent: Tuesday, February 27, 
>>> 2007 12:56 PM
>>> To: tom@coastin.com
>>> Cc: Doug Davis; wsrx
>>> Subject: Re: [ws-rx] I just posted a PR comment on MakeConnection 
>>> Policy assertion
>>>
>>> Tom Rutt wrote:
>>> 
>>>> Tom Rutt wrote:
>>>> 
>>>>> Doug Davis wrote:
>>>>> 
>>>> I now understand that your changes are required since make 
>>> connection 
>>>> can also be used for delivering requests.
>>>>
>>>> Thus I agree with our changes to my proposal.
>>>>
>>>> However we still need to discuss the need for a statement on Non 
>>>> Presence implying prohibition.
>>>> 
>>> After talking to some ws-policy experts, it seems that because 
>>> MakeConnection is a first level policy assertion type, lack of 
>>> presence of this assertion anywhere in a policy alternative says 
>>> nothing about its use.
>>>
>>> The difference with ws addressing nested paramters is that they are 
>>> defined within the context of the first level assertion "addressing" 
>>> .  This for these nested parameters, non presence within an 
>>> asseretion of "addressing" policy  implies prohibition of that 
>>> alternative.
>>>
>>> The tricky part is if a policy has two alternatives, and one of 
>>> those alternative includes the MakeConnection assertion, that policy 
>>> statement has introduced MakeConnection into the policy vocabulary. 
>>> In such a case, does absence in one of the assertions imply not 
>>> using make connection?
>>>
>>> eg
>>>
>>> <wsp:Policy>
>>> <wsp:ExactlyOne>
>>> <wsp:All>
>>> <wsmc:MakeConnection/>
>>> </wsp:All>
>>> <wsp:All>
>>> <-- does this alternative prohibit use of MakeConnection?? -->
>>> </wsp:All>
>>> </wsp:ExactlyOne>
>>> </wsp:Policy>
>>>
>>> 
>>>> This discsussion needs to distinguish an endpoint which has 
>>> no policy 
>>>> statement attached, from one which has policy attached, but 
>>> does not 
>>>> include the makeConnection assertion in any alternative.
>>>> 
>>>>>> Tom,
>>>>>> you proposed:
>>>>>> Change lines 327 - 329 from:
>>>>>> "
>>>>>> The MakeConnection policy assertion indicates that the 
>>> MakeConnection
>>> 
>>>>>> protocol (operation and the use of the MakeConnection URI 
>>> template in
>>> 
>>>>>> EndpointReferences) is supported. This assertion has 
>>> Endpoint Policy
>>> 
>>>>>> Subject [WS-PolicyAttachment].
>>>>>> "
>>>>>> To
>>>>>> "
>>>>>> The MakeConnection policy assertion indicates that the 
>>> MakeConnection
>>> 
>>>>>> protocol (operation and the use of the MakeConnection URI 
>>> template in
>>> 
>>>>>> EndpointReferences) is required for instances of replies. This
>>>>>> assertion has Endpoint Policy Subject [WS-PolicyAttachment].
>>>>>> "
>>>>>> Since MC doesn't talk about any EPR in particular I think 
>>> it would 
>>>>>> make more sense to reword as:
>>>>>> "
>>>>>> The MakeConnection policy assertion indicates that the 
>>> MakeConnection
>>> 
>>>>>> protocol (operation and the use of the MakeConnection URI 
>>> template in
>>> 
>>>>>> EndpointReferences) is required for messages from this 
>>> endpoint. This
>>> 
>>>>>> assertion has Endpoint Policy Subject [WS-PolicyAttachment].
>>>>>> 
>>>>> your wording removed "required for instances of replies". Is this 
>>>>> because you wish it to be used for requests as well.?
>>>>> 
>>>>>> "
>>>>>> And then you suggested:
>>>>>> Change line 334 from:
>>>>>> "
>>>>>> A policy assertion that specifies that the MakeConnection 
>>> protocol is
>>> 
>>>>>> supported.
>>>>>> "
>>>>>> To
>>>>>> "
>>>>>> A policy assertion that specifies that the MakeConnection 
>>> protocol is
>>> 
>>>>>> required for instances of replies from an endpoint.
>>>>>> "
>>>>>> And I would suggest this instead:
>>>>>> "
>>>>>> A policy assertion that specifies that the MakeConnection 
>>> protocol is
>>> 
>>>>>> required for instances of messages from this endpoint.
>>>>>> "
>>>>>>
>>>>>> 
>>>>> same question, I assumed makeConnection is for responses, are you
>>>>> are pointing out it can also be used for requests?
>>>>> Tom
>>>>> 
>>>>>> As to Paul's question of severity of this change, it 
>>> would seem that
>>> 
>>>>>> your text is still consistent with the intent of the 
>>> original text,
>>> 
>>>>>> as such it seems like a non-substantive change. Would you agree?
>>>>>>
>>>>>> thanks
>>>>>> -Doug
>>>>>> ______________________________________________________
>>>>>> STSM | Web Services Architect | IBM Software Group
>>>>>> (919) 254-6905 | IBM T/L 444-6905 | dug@us.ibm.com
>>>>>>
>>>>>> 
>>>>> ----------------------------------------------------
>>>>> Tom Rutt    email: tom@coastin.com; trutt@us.fujitsu.com
>>>>> Tel: +1 732 801 5744          Fax: +1 732 774 5133
>>>>>
>>>>>
>>>>> 
>>>> 
>>> -- 
>>> ----------------------------------------------------
>>> Tom Rutt    email: tom@coastin.com; trutt@us.fujitsu.com
>>> Tel: +1 732 801 5744          Fax: +1 732 774 5133
>>>
>>>
>>>
>>> 
>

-- 
----------------------------------------------------
Tom Rutt                 email: tom@coastin.com; trutt@us.fujitsu.com
Tel: +1 732 801 5744          Fax: +1 732 774 5133
Received on Thursday, 1 March 2007 00:28:41 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:20:48 GMT