W3C home > Mailing lists > Public > public-ws-policy@w3.org > May 2007

Extensions and policy intersection

From: David Hull <dmh@tibco.com>
Date: Fri, 11 May 2007 14:04:28 -0400
Message-ID: <4644B02C.2010600@tibco.com>
To: "public-ws-addressing@w3.org" <public-ws-addressing@w3.org>, "public-ws-policy@w3.org" <public-ws-policy@w3.org>
Pondering the WS-P spec a bit more, I think the approach described below
will handle the use cases I had in mind.  However, I would be very happy
if someone else would double-check this.  The description below is just
a sketch;  I think it's plausible, but I'm trying to develop a full
proposal, just be sure that someone could do so in the future.

For those joining late, the original use cases are at
http://lists.w3.org/Archives/Public/public-ws-addressing/2007Apr/0100.html

------------------------------------------------------------------------

Define a new policy assertion, say <wstr:destinationConstraint
type="required|allowed|prohibited" schemes="string*"/>.  Examples would be

	<wstr:destinationConstraint type="required" schemes="http mailto">
	<wstr:destinationConstraint type="allowed" schemes="http mailto jabber">
	<wstr:destinationConstraint type="prohibited" schemes="mailto">

This assertion is to be nested inside the wsam:Addressing assertion and
is compatible with the non-anon assertion (and itself).  Any number of
such assertions may occur in an alternative.  The combined effect is
what you'd expect; I'll leave the spec-ese as an exercise for future
generations.

Use case 1:

Policy 1

<wsp:Policy>
  <wsp:ExactlyOne>
    <wsp:All>
      <wsam:Addressing>
        <wsp:Policy>
          <wsp:ExactlyOne>
            <wsp:All>
              <NonAnonymousResponses/>
              <wstr:destinationConstraint type="required" schemes="http jabber"/>
            </wsp:All>
          </wsp:ExactlyOne>
        </wsp:Policy>
      </wsam:Addressing>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

Policy 2

<wsp:Policy>
  <wsp:ExactlyOne>
    <wsp:All>
      <wsam:Addressing>
        <wsp:Policy>
          <wsp:ExactlyOne>
            <wsp:All>
              <NonAnonymousResponses/>
              <wstr:destinationConstraint type="required" schemes="mailto jabber"/>
            </wsp:All>
          </wsp:ExactlyOne>
        </wsp:Policy>
      </wsam:Addressing>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

Intersection

<wsp:Policy>
  <wsp:ExactlyOne>
    <wsp:All>
      <wsam:Addressing>
        <wsp:Policy>
          <wsp:ExactlyOne>
            <wsp:All>
              <NonAnonymousResponses/>
              <wstr:destinationConstraint type="required" schemes="http jabber"/>
            </wsp:All>
          </wsp:ExactlyOne>
        </wsp:Policy>
      </wsam:Addressing>
      <wsam:Addressing>
        <wsp:Policy>
          <wsp:ExactlyOne>
            <wsp:All>
              <NonAnonymousResponses/>
              <wstr:destinationConstraint type="required" schemes="mailto jabber"/>
            </wsp:All>
          </wsp:ExactlyOne>
        </wsp:Policy>
      </wsam:Addressing>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

>From this we can determine that, since the destination must be either
http or jabber and it must be either mailto or jabber, it must be
jabber.  The intersection algorithm doesn't do this calculation for us. 
It just brings together the pieces we need.

Similarly, for use case 2:

Policy 1

<wsp:Policy>
  <wsp:ExactlyOne>
    <wsp:All>
      <wsam:Addressing>
        <wsp:Policy>
          <wsp:ExactlyOne>
            <wsp:All>
              <NonAnonymousResponses/>
              <wstr:destinationConstraint type="allowed" schemes="http jabber"/>
            </wsp:All>
          </wsp:ExactlyOne>
        </wsp:Policy>
      </wsam:Addressing>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

Policy 2

<wsp:Policy>
  <wsp:ExactlyOne>
    <wsp:All>
      <wsam:Addressing>
        <wsp:Policy>
          <wsp:ExactlyOne>
            <wsp:All>
              <NonAnonymousResponses/>
              <wstr:destinationConstraint type="allowed" schemes="mailto jabber"/>
            </wsp:All>
          </wsp:ExactlyOne>
        </wsp:Policy>
      </wsam:Addressing>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

Intersection

<wsp:Policy>
  <wsp:ExactlyOne>
    <wsp:All>
      <wsam:Addressing>
        <wsp:Policy>
          <wsp:ExactlyOne>
            <wsp:All>
              <NonAnonymousResponses/>
              <wstr:destinationConstraint type="allowed" schemes="http jabber"/>
            </wsp:All>
          </wsp:ExactlyOne>
        </wsp:Policy>
      </wsam:Addressing>
      <wsam:Addressing>
        <wsp:Policy>
          <wsp:ExactlyOne>
            <wsp:All>
              <NonAnonymousResponses/>
              <wstr:destinationConstraint type="allowed" schemes="mailto jabber"/>
              <!-- Help!  I'm trapped in an angle-bracket factory! -->
            </wsp:All>
          </wsp:ExactlyOne>
        </wsp:Policy>
      </wsam:Addressing>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

and so forth for other variations.
Received on Friday, 11 May 2007 18:04:49 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:20:51 GMT