W3C home > Mailing lists > Public > public-ws-policy@w3.org > May 2007

Bug 4558: Scalability and performance problems with expressing allowable nested policy assertions

From: David Orchard <dorchard@bea.com>
Date: Tue, 15 May 2007 17:25:50 -0700
Message-ID: <4260A18CD3F05B469E67BC6C20464EAC1B842A@rcpbex01.amer.bea.com>
To: <public-ws-policy@w3.org>

The policy intersection algorithm results in policy assertions with
nesting to
be verbosely expressed with all of the possible nested assertions marked
optional="true".  One example of this is SecurityPolicy with X509,
detailed in

The scalability problem is that it may be difficult to list and exchange
the possible nested assertions.  The performance problem is that such a
may result in slow policy processers performing intersection.

One counter-arguments are that the number of nested assertions is not
enough to warrant this optimization, and that the optimization of adding
optional="true" is sufficient.  The general argument of premature
applies.  This would be a close with no action or defer to v.Next.

Proposal 1:
Update the policy intersection algorithm so that an empty policy
matches a policy assertion with a nested assertion resulting an the same
assertion with a nested assertion.  

Proposal 2:
Provide an explicit wildcard to match any nested assertions.
Received on Wednesday, 16 May 2007 00:26:06 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:38:34 UTC