- From: Tom Rutt <tom@coastin.com>
- Date: Tue, 27 Feb 2007 10:28:05 -0500
- To: tom@coastin.com
- CC: Gilbert Pilz <Gilbert.Pilz@bea.com>, Anish Karmarkar <Anish.Karmarkar@oracle.com>, Christopher B Ferris <chrisfer@us.ibm.com>, bob@freunds.com, public-ws-addressing@w3.org, public-ws-policy@w3.org
Tom Rutt wrote: > > Gilbert Pilz wrote: I now see that it is easier to define nonAnonymosResponses as NOT using wsa:Anonymous URI.for responses. I have posted a new email showing two example policy expressions, for what I call alternative a) (which agrees with Gil's interpretation) and alternative b) which treats MakeConnection as being outside of wsa:nonAnonymousResponses behaviour. The biggest problem with b) is defining "connectable URI for responses", in a transport independendent manner. My newer email is posted as: http://lists.w3.org/Archives/Public/public-ws-addressing/2007Feb/0017.html >> I don't agree. I think it comes down to how we define >> wsam:NonAnonymousResponses. If we define it to mean "anything other than >> wsa:Anonymous" than it seems to me that a message with a >> wsa:ReplyTo/wsa:Address = {some instance of the WS-MC anon URI} meets >> behavior required by the presence of wsam:NonAnonymousResponses. >> > we do not need to do this. Non anonymous can imply requirement for > addresssable reply to address with a connection to that replyTo address. > > We can always add another alternative using another response mechanism > other than non anonymous or wsa:addressing. > > Tom Rutt >> The point is that, as far as WS-Addr policies are concerned, >> wsmc:Anon is >> not a subset of or in any way related to wsa:Anon. It seems >> counter-intuitive because we "know" that they have certain message >> processing characteristics in common, but I think it makes things >> cleaner if >> we define them to be complete separate. >> >> - gp >> >> >> >>> -----Original Message----- >>> From: public-ws-addressing-request@w3.org >>> [mailto:public-ws-addressing-request@w3.org] On Behalf Of Anish >>> Karmarkar >>> Sent: Monday, February 26, 2007 9:31 AM >>> To: Christopher B Ferris >>> Cc: bob@freunds.com; public-ws-addressing@w3.org; >>> public-ws-policy@w3.org >>> Subject: Re: Last Call Working Draft Transition: Web >>> ServicesAddressing 1.0 - Metadata >>> >>> >>> It seems to me that the first recommended approach does not solve >>> the problem that we were trying to solve: allow ws-addr policy to be >>> composable with WSRM and MC spec. The 1st approach does not allow >>> one one to say: ws-addr anon reply-to is supported and no claims >>> about other reply-to addresses. >>> >>> It seems like the 2nd approach is more in line with our requirements. >>> >>> Comments? >>> >>> -Anish >>> -- >>> >>> Christopher B Ferris wrote: >>> >>>> On behalf of the WS-Policy WG, here is our feedback on the >>>> WS-Addressing Metadata specification. >>>> >>>> The document specifies a wsam:Addressing assertion that has >>> two nested >>>> assertions wsam:AnonymousResponses and wsam:NonAnonymousResponses >>>> assertions. >>>> >>>> Although the use of the wsam:Addressing assertion indicates a >>>> requirement, the nested assertions do not express >>> requirements, thus >>>> dependent behaviors. The nested assertions appear to >>> express support >>>> of a capability. >>>> >>>> In our opinion, this duality poses several problems related to both >>>> understanding the intent of the assertion and to utilization of the >>>> WS-Policy 1.5 Framework for purposes of intersection. These >>> problems >>>> are noted below, followed by our recommendations to address the >>>> problems we highlight. >>>> >>>> (A) The presence of either of the two nested assertions does not >>>> indicate a required behavior. >>>> Further, per the statements in Sections 3.1.2 and 3.1.3, >>> their absence >>>> does not indicate lack of support either: >>>> "The absence of the XX policy assertion within a policy >>>> alternative does not indicate that the >>>> endpoint will not accept request messages with >>> response endpoint >>>> EPRs that contain the anonymous >>>> URI as an address; it simply indicates the lack of any >>>> affirmation of support for XX URIs." >>>> >>>> Thus, we believe that neither the presence nor absence of >>>> wsam:AnonymousResponses or wsam:NonAnonymousResponses as >>> nested policy >>>> assetions is meaningful. >>>> >>>> Without making the semantic change to the assertions, the >>> expression >>>> exemplified below is meaningless. >>>> >>>> <wsam:Addressing> >>>> <wsp:Policy> >>>> <wsam:AnonymousResponses wsp:optional="true"/> </wsp:Policy> >>>> </wsam:Addressing> >>>> >>>> The equivalent normalized expression implies conflicting semantics. >>>> The normalized policy expression (see below) gives no >>> indication which >>>> alternative can be used. >>>> >>>> The first alternative indicates support for anonymous >>> responses, but >>>> does not indicate whether a client that does not support >>> that behavior >>>> should not use this alternative (because absence of the >>>> wsam:NonAnonymousResponses nested assertion explicitly does >>> NOT make >>>> any statement as to whether or not that feature is supported). >>>> Similarly, the second alternative makes no statement >>> what-so-ever as >>>> regards the support (or lack there-of) of anon or non-anon >>> responses. >>> >>>> <wsp:ExactlyOne> >>>> <wsp:All> >>>> <wsam:Addressing> >>>> <wsp:Policy> >>>> <wsp:ExactlyOne> >>>> <wsp:All> >>>> <wsam:AnonymousResponses/> >>>> </wsp:All> >>>> </wsp:ExactlyOne> >>>> </wsp:Policy> >>>> </wsam:Addressing> >>>> </wsp:All> >>>> <wsp:All> >>>> <wsam:Addressing> >>>> <wsp:Policy/> >>>> </wsam:Addressing> >>>> </wsp:All> >>>> </wsp:ExactlyOne> >>>> >>>> The problematic semantics expressed above makes the >>> utilization of the >>>> intersection algorithm provided by WS-Policy framework practically >>>> useless. >>>> >>>> (B) Given that the nested assertions express "support"s >>> semantics, and >>>> given that their omission says nothing about lack of support, it is >>>> not possible for an endpoint to advertise that it >>> explicitly DOES NOT >>>> support one or the other. However, it is likely that some policy >>>> authors might be lead to believe that by simply including >>> only one of >>>> the nested assertions, that a policy consumer would read that and >>>> infer that the other is not supported, despite the fact >>> that the spec >>>> says that it makes no statement. >>>> >>>> Thus, we believe that it is not possible to intersect the >>> behaviors of >>>> a consumer and a provider meaningfully to rely on the intersection >>>> algorithm alone to express required behaviors. >>>> >>>> (C) The advocation in section 3.1.6 of the use of >>> wsp:Optional='true' >>>> to enable intersection of two policy expressions when one >>> side chose >>>> to omit making any statement about its capabilities is itself >>>> problematic. >>>> Using the WS-Policy 1.5 Framework intersection, the following two >>>> policies would be compatible, despite the fact that the possible >>>> intent of the respective authors was meant to relate that ONLY the >>>> expressed nested assertion was supported (see (B)): >>>> >>>> Client: >>>> <wsam:Addressing> >>>> <wsp:Policy> >>>> <wsam:AnonymousResponses wsp:optional="true"/> </wsp:Policy> >>>> </wsam:Addressing> >>>> >>>> Server: >>>> <wsam:Addressing> >>>> <wsp:Policy> >>>> <wsam:NonAnonymousResponses wsp:optional="true"/> </wsp:Policy> >>>> </wsam:Addressing> >>>> >>>> This is because the normalized expressions would each have an >>>> alternative with an empty nested policy and the policy >>> engine applying >>>> intersection would report that there was a compatible policy >>>> alternative(s): >>>> >>>> <wsam:Addressing> >>>> <wsp:Policy/> >>>> <wsam:Addressing> >>>> >>>> Our guidelines document [1] in Section 4.5.1 further clarifies the >>>> appropriate use of wsp:optional attribute to create alternatives to >>>> indicate required and supported behaviors. >>>> >>>> Based on our review, we recommend adoption of one of the >>> two options >>>> that follow to resolve (A) and (B) above. In our view, it >>> is important >>>> to align the semantics of the nested aqssertions with the WS-Policy >>>> 1.5 Framework processing semantics. >>>> >>>> 1. One recommended approach would be to change the semantic of the >>>> nested policy assertions to represent required behavior and >>> use policy >>>> operators to convey the precise semantics. >>>> >>>> e.g. >>>> >>>> <wsam:Addressing> <!-- anon responses required, non-anon prohibited >>>> --> <wsp:Policy> >>>> <wsp:ExactlyOne> >>>> <wsp:All> <!-- anon responses required --> >>>> <wsam:AnonymousResponses/> >>>> </wsp:All> >>>> <wsp:ExactlyOne> >>>> </wsp:Policy> >>>> </wsam:Addressing> >>>> >>>> <wsam:Addressing> >>>> <wsp:Policy> >>>> <wsp:ExactlyOne> >>>> <wsp:All> <!-- non-anon responses required, anon prohibited --> >>>> <wsam:NonanonymousResponses/> >>>> </wsp:All> >>>> </wsp:ExactlyOne> >>>> </wsp:Policy> >>>> </wsam:Addressing> >>>> >>>> <wsam:Addressing> >>>> <wsp:Policy> >>>> <wsp:ExactlyOne> >>>> <wsp:All> <!-- either anon and non-anon responses required--> >>>> <wsam:AnonymousResponses/> >>>> </wsp:All> >>>> <wsp:All> >>>> <wsam:NonanonymousResponses/> >>>> <wsp:All> >>>> </wsp:ExactlyOne> >>>> </wsp:Policy> >>>> </wsam:Addressing> >>>> >>>> Note with this last one, it might be necessary to clarify that the >>>> scope of the assertion applies to a single instance of an >>> MEP, not to >>>> all instances of MEPs associated with the endpoint.... to allow the >>>> client to choose for each message exchange the appropriate type of >>>> response. >>>> >>>> Section 3.1.2 and 3.1.3 should be updated to convey that nested >>>> assertions indicate dependent behaviors by removing the quoted >>>> sections above. >>>> >>>> 2. Alternately, we believe that if the intent of the semantic to be >>>> conveyed is indeed purely informational (i.e. that an endpoint >>>> "supports" the capability) that a more appropriate means of >>> expressing >>>> this would be to use assertion parameters rather than nested policy: >>>> >>>> e.g. >>>> >>>> <wsam:Addressing> >>>> <wsam:AnonymousResponses/> >>>> <wsam:NonAnonymousResponses/> >>>> </wsam:Addressing> >>>> >>>> Note that with this second approach, the use of assertion >>> parameters >>>> would not effect policy intersection, yet the assertion parameters >>>> could be used by the policy consumer as information that it >>> could use >>>> to determine appropriate use of addressing. If formal >>> processing the >>>> assertion parameters is deemed to be necessary, then domain >>> specific >>>> intersection processing would need to be designed. For more >>>> information on usage of nested vs. parametric assertions, >>> please see >>>> Section 4.4 in our Guidelines document for details. >>>> >>>> (C) We note that the use of wsp:ignorable is not >>> appropriate in this >>>> context. Whether the semantics of the nested policy imply >>> required or >>>> "supported", we note that once the assertion >>>> (wsam:Addressing) is understood, that any nested policy or >>> parameters >>>> would also be understood by the client (by definition). >>>> Thus, we believe that the WS-Addressing Metadata >>> specification should >>>> not be making any recommendations as to the use of wsp:ignorable in >>>> section 3.1.6. >>>> >>>> (D) The WS-Addressing Metadata draft does not specify a policy >>>> subject, but implies one. Instead, the draft specifies attachment >>>> points. We recommend making the policy subject explicit. >>>> Please refer to our guideline in Section 4.6 in our Guidelines >>>> document, "An assertion description should specify a policy >>> subject. >>>> For instance, if a policy assertion is to be used with WSDL, an >>>> assertion description should specify a WSDL policy subject >>> - such as >>>> service, endpoint, operation and message." >>>> >>>> (E) The WS-Addressing Metadata draft should rule out >>> wsdl:portType and >>>> wsdl20:interface as possible attachment points. >>>> e.g, >>>> "A policy expression containing the Addressing policy >>> assertion MUST >>>> NOT be attached to a wsdl:portType or wsdl20:interface. >>>> The Addressing policy assertion specifies a concrete >>> behavior whereas >>>> the wsdl:portType or wsdl20:interface is an abstract construct." >>>> >>>> Cheers, >>>> >>>> Christopher Ferris >>>> STSM, Software Group Standards Strategy >>>> email: chrisfer@us.ibm.com >>>> blog: http://www.ibm.com/developerworks/blogs/page/chrisferris >>>> phone: +1 508 377 9295 >>>> >>>> __________________ >>>> >>>> >>>> >>>> The W3C WS-Addressing WG has published a Last Call Working Draft of >>>> Web Services Addressing 1.0 - Metadata specification. The deadline >>>> for comments is 23 February 2007. The document is available at >>>> > >>>> >>>> >>>> http://www.w3.org/TR/2007/WD-ws-addr-metadata-20070202/ >>>> >>>> >>>> >>>> We look forward to receiving any comments your WG has on this Last >>>> Call Working Drafts. Comments on this document are invited >>> and are to >>>> be sent to the public _public-ws-addressing-comments@w3.org_ >>>> <mailto:public-ws-addressing-comments@w3.org> mailing list. We are >>>> interested in particular in comments from the Web Services >>> Policy and >>>> Web Services Description Working Group. We are also interested in >>>> comments from OASIS technical committees, in particular the Web >>>> Services Reliable Exchange (WS-RX) TC. >>>> >>>> >>>> >>>> Please note that the document contains substantial changes >>> compared to >>>> the previous version. In particular, the document does no longer >>>> define a WSDL extension element or a WSDL SOAP module. This new >>>> version defines WS-Policy assertions, based on the Web >>> Services Policy 1.5 framework. >>> >>>> >>>> >>>> If your Working Group is interested in reviewing these >>> drafts, please >>>> let me know, especially if you think you need more than three weeks >>>> after publication for your review. >>>> >>>> >>>> >>>> The decision to move to Last Call was made on January 29, 2007 [1]. >>>> >>>> >>>> >>>> No formal objection has been reported. >>>> >>>> >>>> >>>> No patent disclosure has been reported. >>>> >>>> >>>> >>>> Thanks >>>> >>>> -bob >>>> >>>> >>>> >>>> W3C WS-Addressing WG chair >>>> >>>> >> >> >>>> >>>> >>>> [1] http://www.w3.org/2007/01/29-ws-addr-minutes.html >>>> >>>> >>>> >>>> >>>> >>>> Bob Freund, Hitachi, Ltd. >>>> >>>> 62 Peakham Road, Sudbury, Massachusetts 01776-2914 >>>> >>>> Tel: +1-978-440-8415, Fax: +1-978-443-2168 >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>> > > -- ---------------------------------------------------- Tom Rutt email: tom@coastin.com; trutt@us.fujitsu.com Tel: +1 732 801 5744 Fax: +1 732 774 5133
Received on Tuesday, 27 February 2007 15:29:42 UTC