- From: Asir Vedamuthu <asirveda@microsoft.com>
- Date: Sun, 14 Oct 2007 16:21:51 -0700
- To: David Orchard <dorchard@bea.com>, "ashok.malhotra@oracle.com" <ashok.malhotra@oracle.com>
- CC: "public-ws-policy@w3.org" <public-ws-policy@w3.org>
Thank you Dave for asking the right question and keeping the discussion focused!
Replaying Dave's key question - when does the order of assertions in a policy alternative matter? Reading through the mail archive (~19 mails), it appears that no one has answered your question with "real" assertions.
I want to be super clear on facts ...
(a) Order of assertions in a policy alternative and order in which behaviors are applied are TWO distinct concepts (let's not conflate them).
The former is governed by the WS-Policy Framework [1] - says unordered.
The latter (order in which behaviors such as addressing, security, reliability and transaction is applied) is governed by SOAP and SOAP-based protocols [2]. The order of headers and body processing is at the DISCRETION of the SOAP node and SOAP headers may be used to control the order of processing.
(b) Order of assertions in a policy alternative has NO bearing on the order in which behaviors are applied [1].
(c) The WS-SecurityPolicy spec does NOT rely on the order of assertions in a policy alternative [3].
(d) The WS-Security spec provides producers with an option to use [encrypt, sign] or [sign, encrypt] [4]. The WS-SecurityPolicy spec provides assertions [5] to indicate the order of these cryptographic operations (runtime behavior) on a message.
Let's look at examples with "real" assertions. The order of assertions in the following policies P1-P4 (and their nested policies) are different but the policies are effectively the SAME.
P1)
<Policy>
<sp:AsymmetricBinding>
<Policy>
...
<sp:IncludeTimestamp />
<sp:EncryptBeforeSigning />
<sp:EncryptSignature />
<sp:ProtectTokens />
</Policy>
</sp:AsymmetricBinding>
<wsam:Addressing>...</wsam:Addressing>
...
</Policy>
P2)
<Policy>
<wsam:Addressing>...</wsam:Addressing>
<sp:AsymmetricBinding>
<Policy>
...
<sp:IncludeTimestamp />
<sp:EncryptBeforeSigning />
<sp:EncryptSignature />
<sp:ProtectTokens />
</Policy>
</sp:AsymmetricBinding>
...
</Policy>
P3)
<Policy>
<wsam:Addressing>...</wsam:Addressing>
<sp:AsymmetricBinding>
<Policy>
...
<sp:IncludeTimestamp />
<sp:EncryptSignature />
<sp:ProtectTokens />
<sp:EncryptBeforeSigning />
</Policy>
</sp:AsymmetricBinding>
...
</Policy>
P4)
<Policy>
<wsam:Addressing>...</wsam:Addressing>
<sp:AsymmetricBinding>
<Policy>
...
<sp:EncryptBeforeSigning />
<sp:IncludeTimestamp />
<sp:EncryptSignature />
<sp:ProtectTokens />
</Policy>
</sp:AsymmetricBinding>
...
</Policy>
[1] http://www.w3.org/TR/2007/REC-ws-policy-20070904/#rPolicy_Alternative
[2] http://www.w3.org/TR/2003/REC-soap12-part1-20030624/#procsoapmsgs
[3] http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html#_Toc161826510
[4] WS-Security 1.1 - see section 8, lines 1173-1183 - " "Finally, if a producer wishes to sign a message before encryption, then following the ordering rules laid out in section 5, "Security Header", they SHOULD first prepend the signature element to the <wsse:Security> header, and then prepend the encryption element, ... Likewise, if a producer wishes to sign a message after encryption, they SHOULD first prepend the encryption element to the <wsse:Security> header, and then prepend the signature element." "
- http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf
[5] http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html#_Toc161826549
Regards,
Asir S Vedamuthu
Microsoft Corporation
-----Original Message-----
From: public-ws-policy-request@w3.org [mailto:public-ws-policy-request@w3.org] On Behalf Of David Orchard
Sent: Thursday, October 11, 2007 1:59 PM
To: ashok.malhotra@oracle.com
Cc: public-ws-policy@w3.org
Subject: RE: Ordering of Assertions: Comment on WS-Policy Primer LCWD
I asked my question first, and it's up to you to prove that work needs
to be done, not the other way around. That said, you don't seem to have
any intention of answering my question as you've decided to respond to
my question with a question. I learned from "Rosencrantz and
Guildenstern are dead" not to play the question game.
Cheers,
Dave
> -----Original Message-----
> From: ashok malhotra [mailto:ashok.malhotra@oracle.com]
> Sent: Thursday, October 11, 2007 1:33 PM
> To: David Orchard
> Cc: public-ws-policy@w3.org
> Subject: Re: Ordering of Assertions: Comment on WS-Policy Primer LCWD
>
> David:
> Please answer the question. Is it your position that there
> are no Policies where the order in which the assertions
> within a Policy Alternative are applied is important?
>
> Ashok
>
> David Orchard wrote:
>
> >I think the onus is on you to prove something, rather than
> me to prove
> >nothing, especially if you want the WG to do something.
> >
> >I know you are arguing that some policies need ordering.
> I'm arguing
> >you need to show some policies that need ordering.
> >
> >Cheers,
> >Dave
> >
> >
> >
> >>-----Original Message-----
> >>From: ashok malhotra [mailto:ashok.malhotra@oracle.com]
> >>Sent: Thursday, October 11, 2007 3:28 AM
> >>To: David Orchard
> >>Cc: public-ws-policy@w3.org
> >>Subject: Re: Ordering of Assertions: Comment on WS-Policy
> Primer LCWD
> >>
> >>I'll make it still shorter:
> >>
> >>I'm arguing that SOME policies need ordering. The Policy Framework
> >>says so and the fact the there are ordering assertions in WS
> >>SecurityPolicy confirms this.
> >>
> >>Are you arguing that NO policies need ordering?
> >>
> >>Ashok
> >>
> >>David Orchard wrote:
> >>
> >>
> >>
> >>>I'll make my note even shorter.
> >>>
> >>>What situations are those?
> >>>
> >>>For the 2nd time, you have failed to specify a single
> situation that
> >>>requires a change to WS-Policy. You've described a problem that
> >>>already has a solution and quotes from other people but
> >>>
> >>>
> >>those are not
> >>
> >>
> >>>answers to my question.
> >>>
> >>>In the absence of any real-world problem, the obvious thing for
> >>>WS-Policy WG to do is to close with no action.
> >>>
> >>>Cheers,
> >>>Dave
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>>-----Original Message-----
> >>>>From: ashok malhotra [mailto:ashok.malhotra@oracle.com]
> >>>>Sent: Wednesday, October 10, 2007 1:59 PM
> >>>>To: David Orchard
> >>>>Cc: public-ws-policy@w3.org
> >>>>Subject: Re: Ordering of Assertions: Comment on WS-Policy
> >>>>
> >>>>
> >>Primer LCWD
> >>
> >>
> >>>>Hi Dave:
> >>>>I used the fact that WS-SecurityPolicy discusses order to
> >>>>
> >>>>
> >>motivate the
> >>
> >>
> >>>>need for order in at least some policies.
> >>>>I also quoted from the note from Tony Rogers.
> >>>>
> >>>>
> >>Subsequently, there was
> >>
> >>
> >>>>a note from Bob Natale who agrees that order is important
> >>>>
> >>>>
> >>but does not
> >>
> >>
> >>>>like the solution I suggested.
> >>>>
> >>>>What needs to be made clear is that order is not important in all
> >>>>policies, but there are situations where it is important
> >>>>
> >>>>
> >>and for these
> >>
> >>
> >>>>situations we need a solution.
> >>>>
> >>>>Ashok
> >>>>
> >>>>David Orchard wrote:
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>>-----Original Message-----
> >>>>>>From: public-ws-policy-request@w3.org
> >>>>>>[mailto:public-ws-policy-request@w3.org] On Behalf Of
> >>>>>>
> >>>>>>
> >>ashok malhotra
> >>
> >>
> >>>>>>Sent: Wednesday, October 10, 2007 9:56 AM
> >>>>>>To: public-ws-policy@w3.org
> >>>>>>Subject: Ordering of Assertions: Comment on WS-Policy
> Primer LCWD
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>><snip/>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>>In many cases the
> >>>>>>order in which assertions are processed may not matter, but
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>where it
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>>does matter do we need to specify a special assertion for
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>every pair
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>>of assertions that need to be ordered? Clearly, this is not
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>feasible
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>>as the Policy processing engine will need to be undated
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>whenever a new
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>>ordering assertion is added. So, what we need is a
> >>>>>>
> >>>>>>
> >>general-purpose
> >>
> >>
> >>>>>>ordering assertion.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>Your note jumps from assumption to conclusion to design
> with great
> >>>>>speed, indeed from assumption to conclusion within 3
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>sentences. Those
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>3 fleety sentences do not answer my previous emails central
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>question of
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>"when does order matter?". In case my question was
> >>>>>
> >>>>>
> >>missed, perhaps
> >>
> >>
> >>>>>because of burdensom length of my previous message, I'll ask
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>again more
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>succinctly:
> >>>>>
> >>>>>When does order matter?
> >>>>>
> >>>>>Until the use case is agreed by the WG, design discussions
> >>>>>
> >>>>>
> >>are very
> >>
> >>
> >>>>>premature IMHO.
> >>>>>
> >>>>>Cheers,
> >>>>>Dave
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>--
> >>>>All the best, Ashok
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>>
> >>--
> >>All the best, Ashok
> >>
> >>
> >>
>
>
> --
> All the best, Ashok
>
Received on Sunday, 14 October 2007 23:22:11 UTC