- From: Christopher B Ferris <chrisfer@us.ibm.com>
- Date: Thu, 10 May 2007 08:02:27 -0400
- To: "Ashok Malhotra" <ashok.malhotra@oracle.com>
- Cc: "Daniel Roth" <Daniel.Roth@microsoft.com>, "David Orchard" <dorchard@bea.com>, "public-ws-policy@w3.org" <public-ws-policy@w3.org>, public-ws-policy-request@w3.org
- Message-ID: <OF32F85A71.3C5B32C2-ON852572D7.003FC330-852572D7.00420A3D@us.ibm.com>
Ashok, Bzzzt. Where in the text that I have offered is the RFC2119 keyword "MUST NOT"? The proposal that IBM has offered does NOT require that you know the unknowable (the complete set of policy alternatives in the universe). The proposal we have offered is an attempt to make it clear that a policy alternative is a complete expression of the set of behaviors to be engaged. If we have the "makes no claims" interpretation, then a policy author is free to (for instance) exclude the security policy necessary to the interaction on the grounds that it is too complicated. Thus, an endpoint wishing to interact with an endpoint whose policy was authored by this lazy policy author would find out the hard way that the message needed to be signed and encrypted in order to be processed. We believe that in order for policy to have value, it must be a complete expression of the behaviors that are engaged for purposes of interaction. This has nothing to do with omniscience of policy assertion vocabularies and exclusion of the set of behaviors implied by those absent from a given policy alternative. IBM wants a policy alternative to be able to be taken at face value as the expression of the set of behaviors that are to be used to interact (interoperate) with the attached policy subject. Cheers, Christopher Ferris STSM, Software Group Standards Strategy email: chrisfer@us.ibm.com blog: http://www.ibm.com/developerworks/blogs/page/chrisferris phone: +1 508 377 9295 public-ws-policy-request@w3.org wrote on 05/09/2007 06:11:23 PM: > > Yes, David, I agree. Let me put it more starkly. > Chris' proposal is that if the agreed on policy is: > > <policy> > <A/> > <B/> > </policy> > > Then you MUST NOT do assertion X or Y or any other assertions for that matter. > > This means that you must know the universe of all possible assertions. > The <encoding> assertion is one you may not think about but unless > you specify <encoding> you cannot do it, according to this proposal. > > > All the best, Ashok > > > -----Original Message----- > > From: public-ws-policy-request@w3.org [mailto:public-ws-policy- > > request@w3.org] On Behalf Of David Orchard > > Sent: Wednesday, May 09, 2007 9:24 AM > > To: Daniel Roth; Ashok Malhotra; public-ws-policy@w3.org > > Subject: RE: AIN, NOBI and composition > > > > > > We continue to talk past each other. I think the following two > > sentences are equivalent: > > "No behaviors are to be applied for the alternative other than the > > behaviors specified by the assertions in the alternative" > > "The absence of an assertion means that the behaviour specified by the > > absent assertion should not be applied". > > > > Cheers, > > Dave > > > > > -----Original Message----- > > > From: Daniel Roth [mailto:Daniel.Roth@microsoft.com] > > > Sent: Tuesday, May 08, 2007 4:52 PM > > > To: David Orchard; Ashok Malhotra; public-ws-policy@w3.org > > > Subject: RE: AIN, NOBI and composition > > > > > > > AIN Closed flavour: Any assertion not in an alternative > > > should not be > > > > applied (revised chris proposal) > > > > > > Chris' revised proposal doesn't say anything about the > > > absence of assertions. It simply says that no behaviors are > > > to be applied for the alternative other than the behaviors > > > specified by the assertions in the alternative. > > > > > > Daniel Roth > > > > > > -----Original Message----- > > > From: David Orchard [mailto:dorchard@bea.com] > > > Sent: Tuesday, May 08, 2007 4:42 PM > > > To: Ashok Malhotra; Daniel Roth; public-ws-policy@w3.org > > > Subject: RE: AIN, NOBI and composition > > > > > > Well, I think we need to have clear wording for all the "alternatives" > > > before the working group. > > > > > > The way I see it: > > > AIN Vocabulary flavour: Any assertion not in a vocabulary > > > should not be applied (Original chris proposal) AIN Closed > > > favour: Any assertion not in an alternative should not be > > > applied (revised chris proposal) AIN Removal: Any assertion > > > not in alternative means nothing. It may or may not be applied. > > > > > > Cheers, > > > Dave > > > > > > > -----Original Message----- > > > > From: Ashok Malhotra [mailto:ashok.malhotra@oracle.com] > > > > Sent: Tuesday, May 08, 2007 4:29 PM > > > > To: Daniel Roth; David Orchard; public-ws-policy@w3.org > > > > Subject: RE: AIN, NOBI and composition > > > > > > > > Dan: > > > > I'm sorry, but that's not how I read it. > > > > > > > > My reading is that you CANNOT apply assertions that are not in the > > > > selected alternative. That, to me feels like negation. > > > > > > > > I think we shd get behind Monica's explicit wording that eliminates > > > > the fuzz factor. > > > > > > > > All the best, Ashok > > > > > > > > > -----Original Message----- > > > > > From: public-ws-policy-request@w3.org [mailto:public-ws-policy- > > > > > request@w3.org] On Behalf Of Daniel Roth > > > > > Sent: Tuesday, May 08, 2007 4:12 PM > > > > > To: David Orchard; public-ws-policy@w3.org > > > > > Subject: RE: AIN, NOBI and composition > > > > > > > > > > > > > > > This is exactly the problem with tying negation semantics to the > > > > > absence of assertion types (AIN). > > > > > > > > > > IBM's proposal fixes this by simply saying you do what you > > > > assert and > > > > > nothing else (NOBI). > > > > > > > > > > Daniel Roth > > > > > > > > > > -----Original Message----- > > > > > From: public-ws-policy-request@w3.org [mailto:public-ws-policy- > > > > > request@w3.org] On Behalf Of David Orchard > > > > > Sent: Tuesday, May 08, 2007 3:23 PM > > > > > To: public-ws-policy@w3.org > > > > > Subject: AIN, NOBI and composition > > > > > > > > > > > > > > > I wonder about AIN, NOBI, etc. and composition. > > > > > > > > > > Imagine that WS-I produces an assertion that says a "RSPAssertion" > > > > > means RMAssertion and Security, perhaps exactly one of > > > > > messageSecurity|transportsecurity. What's the meaning > > > when some of > > > > > messageSecurity|the > > > > > assertions that are in the composition are missing? For > > > example, I > > > > > just say RSPAssertion. I don't say RMAssertion, though > > > > RMAssertion is > > > > > in the vocabulary. If I get an intersection that says > > > RSPAssertion > > > > > but not RMAssertion, AIN has the implication that you > > > > shouldn't apply > > > > > RMAssertion yet RSPAssertion does. > > > > > > > > > > We don't say anything about whether an assertion that means a > > > > > behaviour "trumps" the lack of such an assertion. > > > > > > > > > > With AIN, there's a problem. Without AIN, there's no > > > > problem because > > > > > there's no conflict. > > > > > > > > > > Cheers, > > > > > Dav3e > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
Received on Thursday, 10 May 2007 12:02:44 UTC