W3C home > Mailing lists > Public > public-ws-policy@w3.org > May 2007

RE: Bug 4558: Scalability and performance problems with expressing allowable nested policy assertions

From: Anthony Nadalin <drsecure@us.ibm.com>
Date: Thu, 17 May 2007 23:44:56 -0500
To: Asir Vedamuthu <asirveda@microsoft.com>
Cc: David Orchard <dorchard@bea.com>, "public-ws-policy@w3.org" <public-ws-policy@w3.org>, public-ws-policy-request@w3.org
Message-ID: <OFED5BF344.F3FFB699-ON862572DF.0019CD8D-862572DF.001A1663@us.ibm.com>





We have this today, look at a Security Token Service (STS) as implemented
by WS-Trust, and all the security options that are available, I can create
some real nasty assertions that take a lot of processing.

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122


                                                                           
             Asir Vedamuthu                                                
             <asirveda@microso                                             
             ft.com>                                                    To 
             Sent by:                  David Orchard <dorchard@bea.com>,   
             public-ws-policy-         "public-ws-policy@w3.org"           
             request@w3.org            <public-ws-policy@w3.org>           
                                                                        cc 
                                                                           
             05/16/2007 08:35                                      Subject 
             PM                        RE: Bug  4558: Scalability and      
                                       performance problems with           
                                       expressing  allowable nested policy 
                                       assertions                          
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           





>The scalability problem is that it may be difficult to list and
>exchange all the possible nested assertions.
>The performance problem is that such a scale may result in slow policy
>processers performing intersection.

We are not sure that a provider or requester will support the myriad of
options that will result in a large number of possible combinations that
one should be worried about. We cannot imagine a practical scenario where a
provider or requestor would expose a myriad of options using the X509
assertion. We think a provider or requester allows little variability (that
reflects what is wired under the hood) and publishes one or some small
number of policy alternatives.

Having said that, we do not actually see a large number of possible
combinations as a problem. While a na´ve implementation would, we suppose,
do the full expansion to normal form of all policy alternatives and then
perform n-squared matching. Please note that there are many opportunities
exist for optimization.

OTOH, if you are concerned about malicious providers ... Malicious
providers may provide a policy expression with a large number of
alternatives, a large number of assertions in alternatives or deeply nested
policy expressions. Just like any quality web service implementation has
throttling knobs to limit the size of the message and other message related
parameters, policy implementers need to anticipate these rogue providers
and use a configurable bound with defaults on number of policy
alternatives, number of assertions in an alternative, depth of nested
policy expressions, etc.

Regards,

Asir S Vedamuthu
Microsoft Corporation


-----Original Message-----
From: public-ws-policy-request@w3.org
[mailto:public-ws-policy-request@w3.org] On Behalf Of David Orchard
Sent: Tuesday, May 15, 2007 5:26 PM
To: public-ws-policy@w3.org
Subject: Bug 4558: Scalability and performance problems with expressing
allowable nested policy assertions


The policy intersection algorithm results in policy assertions with
nesting to
be verbosely expressed with all of the possible nested assertions marked
as
optional="true".  One example of this is SecurityPolicy with X509,
detailed in
http://lists.w3.org/Archives/Public/public-ws-policy/2007May/0160.html.


The scalability problem is that it may be difficult to list and exchange
all
the possible nested assertions.  The performance problem is that such a
scale
may result in slow policy processers performing intersection.

One counter-arguments are that the number of nested assertions is not
large
enough to warrant this optimization, and that the optimization of adding
optional="true" is sufficient.  The general argument of premature
optimization
applies.  This would be a close with no action or defer to v.Next.

Proposal 1:
Update the policy intersection algorithm so that an empty policy
assertion
matches a policy assertion with a nested assertion resulting an the same
policy
assertion with a nested assertion.

Proposal 2:
Provide an explicit wildcard to match any nested assertions.







graycol.gif
(image/gif attachment: graycol.gif)

pic13085.gif
(image/gif attachment: pic13085.gif)

ecblank.gif
(image/gif attachment: ecblank.gif)

Received on Friday, 18 May 2007 04:45:49 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:20:51 GMT