W3C home > Mailing lists > Public > public-ws-policy@w3.org > May 2007

RE: Action-288 (was RE: [Bug 4479] Editorial, note is obscure or unclear

From: Bob Freund <bob@freunds.com>
Date: Tue, 01 May 2007 20:03:28 -0400
To: "Asir Vedamuthu" <asirveda@microsoft.com>, <public-ws-policy@w3.org>
Message-id: <7D5D3FDA429F4D469ADF210408D6245A066DC0@jeeves.freunds.com>

+1

> -----Original Message-----
> From: Asir Vedamuthu [mailto:asirveda@microsoft.com]
> Sent: Tuesday, May 01, 2007 6:13 PM
> To: Bob Freund; public-ws-policy@w3.org
> Subject: Action-288 (was RE: [Bug 4479] Editorial, note is obscure or
> unclear
> 
> Action-288 - Amend note in accordance with
> http://lists.w3.org/Archives/Public/public-ws-policy/2007Apr/0081.html
> 
> Our proposed replacement for the last paragraph in Section 3.2 [1] is:
> 
> Note: Depending on the semantics of the domain specific policy
> assertions a combination of the policy assertions can be required to
> specify a particular behavior. For example, a combination of two or
> three assertions from the WS-SecurityPolicy specification is used to
> indicate message-level security for protecting messages - that is, the
> sp:AsymmetricBinding assertion is used to indicate message-level
> security, the sp:SignedParts assertion is used to indicate the parts
of
> a message to be protected and the sp:EncryptedParts assertion is used
> to indicate the parts of a message that require confidentiality.
> 
> [1] http://www.w3.org/TR/2007/CR-ws-policy-
> 20070330/#rPolicy_Alternative
> 
> Regards,
> 
> Asir S Vedamuthu
> Microsoft Corporation
> 
> -----Original Message-----
> From: public-ws-policy-request@w3.org [mailto:public-ws-policy-
> request@w3.org] On Behalf Of Asir Vedamuthu
> Sent: Friday, April 20, 2007 7:31 PM
> To: bob@freunds.com; public-ws-policy@w3.org
> Subject: FW: [Bug 4479] Editorial, note is obscure or unclear
> 
> 
> >Depending on the semantics of the domain specific policy assertions a
> >combination of these policy assertions can be required to specify a
> >particular behavior
> 
> The above note [1] was added in January '07 in response to issue 4236
> [2].
> 
> Let's look at a concrete example. In WS-SecurityPolicy, a combination
> of 2 or 3 assertions may be needed to indicate a behavior. For
> instance, to represent message-level security for protecting messages,
> the sp:AsymmetricBinding assertion is used to indicate message-level
> security, the sp:SignedParts assertion is used to indicate the parts
of
> a message to be protected and the sp:EncryptedParts assertion is used
> to indicate the parts of a message that require confidentiality [3].
In
> this example, the behavior is specified using a combination of policy
> assertions.
> 
> >It is unclear to this reader if the assertion set alone is sufficient
> >to specify a domain specific behavior
> 
> Yes, they are sufficient. Your first impression is right!
> 
> Do you think some prose and examples that illustrate the above note in
> the Guidelines document would help assertion authors?
> 
> [1] http://www.w3.org/TR/2007/CR-ws-policy-
> 20070330/#rPolicy_Alternative
> [2] http://www.w3.org/Bugs/Public/show_bug.cgi?id=4236
> [3] http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-
> securitypolicy-1.2-spec-cd-02.html#_Toc161826608
> 
> Regards,
> 
> Asir S Vedamuthu
> Microsoft Corporation
> 
> 
> 
> -----Original Message-----
> From: public-ws-policy-qa-request@w3.org [mailto:public-ws-policy-qa-
> request@w3.org] On Behalf Of bugzilla@wiggum.w3.org
> Sent: Thursday, April 19, 2007 12:08 PM
> To: public-ws-policy-qa@w3.org
> Subject: [Bug 4479] Editorial, note is obscure or unclear
> 
> 
> http://www.w3.org/Bugs/Public/show_bug.cgi?id=4479
> 
>            Summary: Editorial, note is obscure or unclear
>            Product: WS-Policy
>            Version: CR
>           Platform: PC
>         OS/Version: Windows XP
>             Status: NEW
>           Severity: normal
>           Priority: P2
>          Component: Framework
>         AssignedTo: fsasaki@w3.org
>         ReportedBy: bob@freunds.com
>          QAContact: public-ws-policy-qa@w3.org
> 
> 
> In WS-Policy 1.5 Framework Section 3.2 it is written:
> "Note: Depending on the semantics of the domain specific policy
> assertions a
> combination of the policy assertions can be required to specify a
> particular
> behavior."
> 
> It is unclear to this reader if the assertion set alone is sufficient
> to
> specify a domain specific behavior or if the compatible assertions
> produced as
> the result of the default intersection algorithm are what is meant in
> the
> context of this note.  If this note is intended to mean that
assertions
> alone
> suffice, then it seems that policy authors have the freedom to define
> arbitrary
> policy vocabularies and arbitrary policy alternative vocabularies so
> long as
> they have defined the domain specific behavior for all acceptible
> combinations
> within that domain of such assertions independant of any other rules
> which may
> be described within this document.
> 
> I think that this note needs qualification or clarification.
> 
Received on Wednesday, 2 May 2007 00:03:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:20:50 GMT