W3C home > Mailing lists > Public > public-ws-policy@w3.org > May 2007

Re: FW: [Bug 4552] Should the word "collection" be changed to something more specific?

From: David Hull <dmh@tibco.com>
Date: Mon, 21 May 2007 12:28:22 -0400
Message-ID: <4651C8A6.2010500@tibco.com>
To: Asir Vedamuthu <asirveda@microsoft.com>
CC: Ashok Malhotra <ashok.malhotra@oracle.com>, "Rogers, Tony" <Tony.Rogers@ca.com>, "public-ws-policy@w3.org" <public-ws-policy@w3.org>

To clarify, this is independent of parameters and nested policies,
right?  In other words, the alternative [A A], which would be expressed as

<All><A/><A/></All>

is distinct from [A], which would be expressed as

<All><A/></All>

even in the absence of parameters and nesting.  Is this correct?

Asir Vedamuthu wrote:
> A policy alternative MAY contain multiple assertions of the same type. Mechanisms for determining the aggregate behavior indicated by the assertions are specific to the assertion type and are outside the scope of the Framework [1].
>
> For example, the SignedParts assertion type specifies the semantics [2] of multiple instances in the same policy alternative.
>
> The WS-Policy Guidelines document says, "A policy alternative can contain multiple instances of the same policy assertion. An assertion description should specify the semantics of multiple instances of a policy assertion in the same policy alternative and the semantics of parameters and nested policy (if any) when there are multiple instances of a policy assertion in the same policy alternative." [3]
>
> It is fair to assume that a processor that implements an assertion type would conform to the assertion type and its semantics.
>
> [1] http://www.w3.org/TR/2007/CR-ws-policy-20070330/#rPolicy_Alternative
> [2] http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-cd-02.html#_Toc161826512
> [3] http://tinyurl.com/2w8obf#bp-WSDL-policy-multiple-instance-semantics
>
> Regards,
>
> Asir S Vedamuthu
> Microsoft Corporation
>
>
>
>
>
>
>
>
>
> From: Ashok Malhotra [mailto:ashok.malhotra@oracle.com]
> Sent: Sunday, May 20, 2007 4:42 PM
> To: Rogers, Tony; David Hull
> Cc: Asir Vedamuthu; public-ws-policy@w3.org
> Subject: RE: FW: [Bug 4552] Should the word "collection" be changed to something more specific?
>
> The question that's starting to worry me is whether
>
> <All>
>     <A/>
>     <B/>
>     <A/>
>     <B/>
> </All>
>
> Is equivalent to
>
> <All>
>     <A/>
>     <B/>
> </All>
>
> I think the answer is that, in general, they are not because of parameters and embedded policies.
> This worries me because my policy processor will receive the former and try and apply two variations of <A/> with somewhat different parameters and/or embedded policies.
>
> All the best, Ashok
> ________________________________________
> From: public-ws-policy-request@w3.org [mailto:public-ws-policy-request@w3.org] On Behalf Of Rogers, Tony
> Sent: Sunday, May 20, 2007 1:32 PM
> To: David Hull
> Cc: Asir Vedamuthu; public-ws-policy@w3.org
> Subject: RE: FW: [Bug 4552] Should the word "collection" be changed to something more specific?
>
> I don't see how you get BBBB and AAAA, and I think you are missing ABAB and AABB.
>
> Tony Rogers
>
> ________________________________________
> From: David Hull [mailto:dmh@tibco.com]
> Sent: Mon 21-May-07 1:55
> To: Rogers, Tony
> Cc: Asir Vedamuthu; public-ws-policy@w3.org
> Subject: Re: FW: [Bug 4552] Should the word "collection" be changed to something more specific?
> For (a somewhat artificial) example:
>
> If I intersect
>
> <All>
>   <ExactlyOne>
>     <A/>
>     <B/>
>   </ExactlyOne>
>   <ExactlyOne>
>     <B/>
>     <A/>
>   </ExactlyOne>
> </All>
>
> with itself, I believe I get a policy that could be represented by the policy expression
>
> <ExactlyOne>
>   <All><A/><B/><B/><A/></All>
>   <All><B/><B/><B/><B/></All>
>   <All><B/><A/><A/><B/></All>
>   <All><B/><A/><B/><A/></All>
>   <All><A/><A/><A/><A/></All>
>   <All><B/><B/><A/><A/></All>
> </ExactlyOne>
>
> Is this correct?
>
> Rogers, Tony wrote:
> Maybe I'm missing something: doesn't an implementation have to determine if two assertions are the same when doing a policy intersection? I can't see how you can do a policy intersection WITHOUT determining if assertions are the same.
>
> I think I'd have a better understanding if someone explained the reasoning behind wanting to put two copies in the intersection result. And I doubt I'm the only one.
>
> Tony Rogers
> tony.rogers@ca.com
>
>
> ________________________________________
> From: public-ws-policy-request@w3.org [mailto:public-ws-policy-request@w3.org] On Behalf Of Asir Vedamuthu
> Sent: Thursday, 17 May 2007 1:01
> To: David Hull
> Cc: public-ws-policy@w3.org
> Subject: RE: FW: [Bug 4552] Should the word "collection" be changed to something more specific?
> It is unclear from this mail thread re why the framework should force implementations to figure out if two alternatives are same and filter them out? Any technical reasons?
>
> To be super clear, the quote below is not from me :-)
>
> Regards,
>
> Asir S Vedamuthu
> Microsoft Corporation
>
>
> From: David Hull [mailto:dmh@tibco.com]
> Sent: Tuesday, May 15, 2007 8:48 PM
> To: Asir Vedamuthu
> Cc: public-ws-policy@w3.org
> Subject: Re: FW: [Bug 4552] Should the word "collection" be changed to something more specific?
>
> Asir Vedamuthu wrote:
> the blanket statement that "collection"
> means "unordered collection with multiple occurrences allowed" is
> inappropriate.
>
>
> Multiple occurrences of the same alternative are okay. The framework treats them as separate alternatives. Can't imagine the technical reasons on why the framework should force implementations to figure out if two alternatives are same and filter them out.
>
> You're defining semantics here, not implementation.  If duplicates make no difference, you have set semantics.  If they do, you have bag semantics.  If an implementation wants to keep duplicates around, that's its business.
>
> By specifying set semantics you are saying that, e.g.,
>
> <ExactlyOne>
>   <All><Foo/></All>
> </ExactlyOne>
>
> means the same as
>
> <ExactlyOne>
>   <All><Foo/></All>
>   <All><Foo/></All>
> </ExactlyOne>
>
> and therefore that no one should write code that depends on one or the other form specifically.  Similarly, no one should depend on distinctions between <All><Foo/><Bar/></All> and <All><Bar/><Foo/></All>.  That doesn't force implementations to maintain alternatives in some canonical order, it just defines part of the contract for policy authors.
>
> While we're on the topic, it would be good to have a specific use case in which <All><Foo/><Foo/></All> is meant to be different from <All><Foo/></All>.  If there aren't any, then it would be better to replace "collection" with "set" throughout.  For example, the question of what does "all of the assertions in both alternatives" mean goes away; you just say "union".
>
> If implementers would like to optimize their implementations the framework does not preclude filtering multiple occurrences of the same alternative.
>
> Regards,
>
> Asir S Vedamuthu
> Microsoft Corporation
>
>
> -----Original Message-----
> From: public-ws-policy-qa-request@w3.org [mailto:public-ws-policy-qa-request@w3.org] On Behalf Of bugzilla@wiggum.w3.org
> Sent: Friday, May 11, 2007 8:14 AM
> To: public-ws-policy-qa@w3.org
> Subject: [Bug 4552] Should the word "collection" be changed to something more specific?
>
>
> http://www.w3.org/Bugs/Public/show_bug.cgi?id=4552
>
>
> dmh@tibco.com changed:
>
>            What    |Removed                     |Added
> ----------------------------------------------------------------------------
>                  CC|                            |dmh@tibco.com
>
>
>
>
> ------- Comment #1 from dmh@tibco.com  2007-05-11 15:13 -------
> My understanding from the list discussion is that policies are *sets* of
> alternatives, not bags, in that it does not matter how many times an
> alternative appears, so long as it appears.
>
> If so, then the blanket statement that "collection" means "unordered collection
> with multiple occurrences allowed" is inappropriate.  If policies are allowed
> to contain the same alternative multiple times, then someone has to say what
> the differences is between, e.g., an alternative occurring once and the same
> alternative occurring twice.
>
> Conversely, if there is no difference, then say so explicitly.  That is,
> instead of saying "A policy is a collection (unordered, multiples allowed) of
> alternatives where multiplicity doesn't matter", say directly that "A policy is
> a set of alternatives".
>
>
>
>
>   
Received on Monday, 21 May 2007 16:30:23 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:38:34 UTC