W3C home > Mailing lists > Public > public-ws-policy@w3.org > May 2007

RE: FW: [Bug 4552] Should the word "collection" be changed to something more specific?

From: Asir Vedamuthu <asirveda@microsoft.com>
Date: Sun, 20 May 2007 20:15:48 -0700
To: Ashok Malhotra <ashok.malhotra@oracle.com>, "Rogers, Tony" <Tony.Rogers@ca.com>, David Hull <dmh@tibco.com>
CC: "public-ws-policy@w3.org" <public-ws-policy@w3.org>
Message-ID: <C9BF0238EED3634BA1866AEF14C7A9E543152A55B5@NA-EXMSG-C116.redmond.corp.microsoft.com>

A policy alternative MAY contain multiple assertions of the same type. Mechanisms for determining the aggregate behavior indicated by the assertions are specific to the assertion type and are outside the scope of the Framework [1].

For example, the SignedParts assertion type specifies the semantics [2] of multiple instances in the same policy alternative.

The WS-Policy Guidelines document says, "A policy alternative can contain multiple instances of the same policy assertion. An assertion description should specify the semantics of multiple instances of a policy assertion in the same policy alternative and the semantics of parameters and nested policy (if any) when there are multiple instances of a policy assertion in the same policy alternative." [3]

It is fair to assume that a processor that implements an assertion type would conform to the assertion type and its semantics.

[1] http://www.w3.org/TR/2007/CR-ws-policy-20070330/#rPolicy_Alternative
[2] http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-cd-02.html#_Toc161826512
[3] http://tinyurl.com/2w8obf#bp-WSDL-policy-multiple-instance-semantics

Regards,

Asir S Vedamuthu
Microsoft Corporation









From: Ashok Malhotra [mailto:ashok.malhotra@oracle.com]
Sent: Sunday, May 20, 2007 4:42 PM
To: Rogers, Tony; David Hull
Cc: Asir Vedamuthu; public-ws-policy@w3.org
Subject: RE: FW: [Bug 4552] Should the word "collection" be changed to something more specific?

The question that's starting to worry me is whether

<All>
    <A/>
    <B/>
    <A/>
    <B/>
</All>

Is equivalent to

<All>
    <A/>
    <B/>
</All>

I think the answer is that, in general, they are not because of parameters and embedded policies.
This worries me because my policy processor will receive the former and try and apply two variations of <A/> with somewhat different parameters and/or embedded policies.

All the best, Ashok
________________________________________
From: public-ws-policy-request@w3.org [mailto:public-ws-policy-request@w3.org] On Behalf Of Rogers, Tony
Sent: Sunday, May 20, 2007 1:32 PM
To: David Hull
Cc: Asir Vedamuthu; public-ws-policy@w3.org
Subject: RE: FW: [Bug 4552] Should the word "collection" be changed to something more specific?

I don't see how you get BBBB and AAAA, and I think you are missing ABAB and AABB.

Tony Rogers

________________________________________
From: David Hull [mailto:dmh@tibco.com]
Sent: Mon 21-May-07 1:55
To: Rogers, Tony
Cc: Asir Vedamuthu; public-ws-policy@w3.org
Subject: Re: FW: [Bug 4552] Should the word "collection" be changed to something more specific?
For (a somewhat artificial) example:

If I intersect

<All>
  <ExactlyOne>
    <A/>
    <B/>
  </ExactlyOne>
  <ExactlyOne>
    <B/>
    <A/>
  </ExactlyOne>
</All>

with itself, I believe I get a policy that could be represented by the policy expression

<ExactlyOne>
  <All><A/><B/><B/><A/></All>
  <All><B/><B/><B/><B/></All>
  <All><B/><A/><A/><B/></All>
  <All><B/><A/><B/><A/></All>
  <All><A/><A/><A/><A/></All>
  <All><B/><B/><A/><A/></All>
</ExactlyOne>

Is this correct?

Rogers, Tony wrote:
Maybe I'm missing something: doesn't an implementation have to determine if two assertions are the same when doing a policy intersection? I can't see how you can do a policy intersection WITHOUT determining if assertions are the same.

I think I'd have a better understanding if someone explained the reasoning behind wanting to put two copies in the intersection result. And I doubt I'm the only one.

Tony Rogers
tony.rogers@ca.com


________________________________________
From: public-ws-policy-request@w3.org [mailto:public-ws-policy-request@w3.org] On Behalf Of Asir Vedamuthu
Sent: Thursday, 17 May 2007 1:01
To: David Hull
Cc: public-ws-policy@w3.org
Subject: RE: FW: [Bug 4552] Should the word "collection" be changed to something more specific?
It is unclear from this mail thread re why the framework should force implementations to figure out if two alternatives are same and filter them out? Any technical reasons?

To be super clear, the quote below is not from me :-)

Regards,

Asir S Vedamuthu
Microsoft Corporation


From: David Hull [mailto:dmh@tibco.com]
Sent: Tuesday, May 15, 2007 8:48 PM
To: Asir Vedamuthu
Cc: public-ws-policy@w3.org
Subject: Re: FW: [Bug 4552] Should the word "collection" be changed to something more specific?

Asir Vedamuthu wrote:
the blanket statement that "collection"
means "unordered collection with multiple occurrences allowed" is
inappropriate.


Multiple occurrences of the same alternative are okay. The framework treats them as separate alternatives. Can't imagine the technical reasons on why the framework should force implementations to figure out if two alternatives are same and filter them out.

You're defining semantics here, not implementation.  If duplicates make no difference, you have set semantics.  If they do, you have bag semantics.  If an implementation wants to keep duplicates around, that's its business.

By specifying set semantics you are saying that, e.g.,

<ExactlyOne>
  <All><Foo/></All>
</ExactlyOne>

means the same as

<ExactlyOne>
  <All><Foo/></All>
  <All><Foo/></All>
</ExactlyOne>

and therefore that no one should write code that depends on one or the other form specifically.  Similarly, no one should depend on distinctions between <All><Foo/><Bar/></All> and <All><Bar/><Foo/></All>.  That doesn't force implementations to maintain alternatives in some canonical order, it just defines part of the contract for policy authors.

While we're on the topic, it would be good to have a specific use case in which <All><Foo/><Foo/></All> is meant to be different from <All><Foo/></All>.  If there aren't any, then it would be better to replace "collection" with "set" throughout.  For example, the question of what does "all of the assertions in both alternatives" mean goes away; you just say "union".

If implementers would like to optimize their implementations the framework does not preclude filtering multiple occurrences of the same alternative.

Regards,

Asir S Vedamuthu
Microsoft Corporation


-----Original Message-----
From: public-ws-policy-qa-request@w3.org [mailto:public-ws-policy-qa-request@w3.org] On Behalf Of bugzilla@wiggum.w3.org
Sent: Friday, May 11, 2007 8:14 AM
To: public-ws-policy-qa@w3.org
Subject: [Bug 4552] Should the word "collection" be changed to something more specific?


http://www.w3.org/Bugs/Public/show_bug.cgi?id=4552


dmh@tibco.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dmh@tibco.com




------- Comment #1 from dmh@tibco.com  2007-05-11 15:13 -------
My understanding from the list discussion is that policies are *sets* of
alternatives, not bags, in that it does not matter how many times an
alternative appears, so long as it appears.

If so, then the blanket statement that "collection" means "unordered collection
with multiple occurrences allowed" is inappropriate.  If policies are allowed
to contain the same alternative multiple times, then someone has to say what
the differences is between, e.g., an alternative occurring once and the same
alternative occurring twice.

Conversely, if there is no difference, then say so explicitly.  That is,
instead of saying "A policy is a collection (unordered, multiples allowed) of
alternatives where multiplicity doesn't matter", say directly that "A policy is
a set of alternatives".
Received on Monday, 21 May 2007 03:17:17 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:20:51 GMT