- From: Christopher B Ferris <chrisfer@us.ibm.com>
- Date: Thu, 1 Mar 2007 14:59:43 -0500
- To: "Gilbert Pilz" <Gilbert.Pilz@bea.com>
- Cc: Doug Davis <dug@us.ibm.com>, public-ws-addressing@w3.org, "ws policy" <public-ws-policy@w3.org>, public-ws-policy-request@w3.org, tom@coastin.com, "wsrx" <ws-rx@lists.oasis-open.org>
- Message-ID: <OF444BA191.F9C1CCEE-ON85257291.006D54F6-85257291.006DD699@us.ibm.com>
<wsp:Policy>
<wsp:ExactlyOne>
<wsp:All>
<wsa:Addressing>
<wsa:AnonymousResponses/>
</wsa:Addressing>
</ws:All>
<wsp:All>
<wsa:Addressing/>
<wsmc:MCSupported/>
</ws:All>
</wsp:ExactlyOne>
</wsp:Policy>
I believe that is the policy that you are seeking. One could argue that
this policy is also
valid (and consistent with what we are trying to express):
<wsp:Policy>
<wsp:ExactlyOne>
<wsp:All>
<wsa:Addressing>
<wsa:AnonymousResponses/>
</wsa:Addressing>
</ws:All>
<wsp:All>
<wsa:Addressing>
<wsa:NonAnonymousResponses/>
</wsa:Addressing>
<wsmc:MCSupported/>
</ws:All>
</wsp:ExactlyOne>
</wsp:Policy>
Of course, the key is that the nested policy is optional. So, for those of
you who think that the
MCanon is inconsistent with wsa:NonAnonymousResponses, then the former
example might be
more suitable.
Cheers,
Christopher Ferris
STSM, Software Group Standards Strategy
email: chrisfer@us.ibm.com
blog: http://www.ibm.com/developerworks/blogs/page/chrisferris
phone: +1 508 377 9295
"Gilbert Pilz" <Gilbert.Pilz@bea.com> wrote on 03/01/2007 02:46:40 PM:
> Except for the fact the WS-RM requires the use of WS-Addr . . .
>
> - gp
>
> From: Doug Davis [mailto:dug@us.ibm.com]
> Sent: Thursday, March 01, 2007 10:52 AM
> To: Gilbert Pilz
> Cc: public-ws-addressing@w3.org; ws policy; public-ws-policy-
> request@w3.org; tom@coastin.com; wsrx
> Subject: RE: Absence of wsam:NonAnon implies prohibition of non-anon
> response (was RE: [ws-rx] I just posted a PR comment on
> MakeConnection Policy assertion)
>
> I agree - it would not give you the semantics you want. Now, switch
> the outer "All" with "ExactlyOne" and you'd get it (I think).
>
> thanks
> -Doug
> ______________________________________________________
> STSM | Web Services Architect | IBM Software Group
> (919) 254-6905 | IBM T/L 444-6905 | dug@us.ibm.com
>
>
> "Gilbert Pilz" <Gilbert.Pilz@bea.com>
> Sent by: public-ws-policy-request@w3.org
> 03/01/2007 01:43 PM
>
> To
>
> Doug Davis/Raleigh/IBM@IBMUS
>
> cc
>
> <public-ws-addressing@w3.org>, "ws policy" <public-ws-policy@w3.
> org>, <public-ws-policy-request@w3.org>, <tom@coastin.com>, "wsrx"
> <ws-rx@lists.oasis-open.org>
>
> Subject
>
> RE: Absence of wsam:NonAnon implies prohibition of non-anon response
> (was RE: [ws-rx] I just posted a PR comment on MakeConnection
Policyassertion)
>
>
>
>
> I agree that, at a shallow level, the policy is 'valid'. However, if
> I wanted to indicate to clients that they must use ReplyTo addressesthat
are
> either wsa:anon or wsmc:anon, this is an incorrect policy. Agreed?
>
> - gp
>
> From: Doug Davis [mailto:dug@us.ibm.com]
> Sent: Thursday, March 01, 2007 10:20 AM
> To: Gilbert Pilz
> Cc: public-ws-addressing@w3.org; ws policy; public-ws-policy-
> request@w3.org; tom@coastin.com; wsrx
> Subject: Re: Absence of wsam:NonAnon implies prohibition of non-anon
> response (was RE: [ws-rx] I just posted a PR comment on
> MakeConnection Policy assertion)
>
>
> I believe this is valid from a policy perspective.
> wsa:ReplyTo must be wsa:Anon but it allows for other EPRs (just
> not wsa:ReplyTo/FaultTo) to use MCanonURI.
>
> thanks
> -Doug
> ______________________________________________________
> STSM | Web Services Architect | IBM Software Group
> (919) 254-6905 | IBM T/L 444-6905 | dug@us.ibm.com
>
> "Gilbert Pilz" <Gilbert.Pilz@bea.com>
> Sent by: public-ws-policy-request@w3.org
> 03/01/2007 01:14 PM
>
> To
>
> <tom@coastin.com>
>
> cc
>
> "wsrx" <ws-rx@lists.oasis-open.org>, <public-ws-addressing@w3.org>,
> "ws policy" <public-ws-policy@w3.org>
>
> Subject
>
> Absence of wsam:NonAnon implies prohibition of non-anon response
> (was RE: [ws-rx] I just posted a PR comment on MakeConnection
Policyassertion)
>
>
>
>
>
>
>
> Tom,
>
> It seems the following policy would be invalid under your model because
> there is no wsam:NonAnonymousResponses assertion yet a ReplyTo that
> contained an instance of the wsmc:anon URI would be a non-anonymous
> response. Do you agree?
>
> <wsp:Policy wsu:Id="RMResponsePolicy">
> <wsp:All>
> <wsam:Addressing>
> <wsp:Policy>
> <wsp:ExactlyOne>
> <wsp:All>
> <wsam:AnonymousResponses/>
> </wsp:All>
> <wsp:ExactlyOne>
> </wsp:Policy>
> </wsam:Addressing>
> <wsmc:MCRequired/>
> </wsp:All>
> </wsp:Policy>
>
> - gp
>
> > -----Original Message-----
> > From: Tom Rutt [mailto:tom@coastin.com]
> > Sent: Wednesday, February 28, 2007 4:18 PM
> > To: Gilbert Pilz
> > Cc: tom@coastin.com; wsrx; public-ws-addressing@w3.org; ws policy
> > Subject: Re: [ws-rx] I just posted a PR comment on
> > MakeConnection Policy assertion
> >
> > I put an example policy which has three alternatives
> >
> > These cover the CR33 is in my opinion.
> >
> > The following example shows an equivalent policy expression,
> > assuming proposed alternative A (wsa:NonAnonymous defined as
> > any URI value other than
> > wsa:Anonymous) is selected. This requires use of
> > MakeConnection to be treated as a special case of
> > wsam:nonAnonymous reply.
> >
> >
> >
> > <wsp:Policy> <-- Policy expression for proposed alternative
> > a) --> ..<wsp:ExactlyOne>
> >
> > ....<wsp:All>
> > ......<wsam:Addressing>
> > ........<wsp:Policy>
> > ..........<wsp:ExactlyOne>
> > ..........<!-- anon or non-anon responses required-->
> > ............<wsp:All> ..............<wsam:AnonymousResponses/>
> > ............</wsp:All>
> > ............<wsp:All>
> > ...............<wsam:NonanonymousResponses/>
> > ............</wsp:All>
> > ..........</wsp:ExactlyOne>
> > ........</wsp:Policy>
> > ......</wsam:Addressing>
> > ......<!-- wsmc:MakeConnection is not asserted as part of > this
> all, thus no statement on its use in this alternative > --.> ....
> </wsp:All>> > > ....<! Addressing required, only use makeConnection
> for reply -->
> > ....<wsp:All>
> > ......<wsam:Addressing>
> > ........<wsp:Policy>
> > ..........<wsp:ExactlyOne>
> > ..........<!-- non-anon responses required-->
> > ............<wsp:All>
> > ...............<wsam:NonanonymousResponses/>
> > ............<wsp:All>
> > ..........</wsp:ExactlyOne>
> > ........</wsp:Policy>
> > ......</wsam:Addressing>
> > ......<wsmc:MakeConnection/>
> > ....</wsp:All>
> > ..</wsp:ExactlyOne>
> > </wsp:Policy>
> >
> >
> >
> > Tom Rutt wrote:
> > > Comments below
> > >
> > > Tom Rutt
> > >
> > > Gilbert Pilz wrote:
> > >> This discussion really belongs in WS-Addr so I've
> > cross-posted . . .
> > >>
> > >> I'm very uncomfortable with the idea that the non-presence of the
> > >> wsam:NonAnonymousResponses implies that non-anonymous
> > reply addresses
> > >> are
> > >> not supported. Doesn't this just re-open the festering
> > wound of CR33?
> > >>
> > >> Both the wsam:AnonymousResponses and wsmc:MCResponses assertions
> > >> refer to
> > >> the use of fairly specific URIs, but wsam:NonAnonymousResponses
> > >> refers to
> > >> the use of *any* URI other than
> > >> "http://www.w3.org/2005/08/addressing/anonymous". To say that the
> > >> absence of
> > >> wsam:NonAnonymousResponses implies its negation is to say
> > that *only*
> > >> wsa:Anon is supported (thus ruling out things like the
> > wsmc:Anon URI).
> > >> Didn't we spend months figuring out that this wouldn't work?
> > >>
> > > Since these two policy assetions are nested in Addressing
> > asssertion,
> > > any policy maker
> > > who includes the addressing assertion is aware of the
> > semantics of its
> > > two nested policy assertion types.
> > >
> > > That policy maker can construct a policy expression which contains
> > > enough alternatives to
> > > cover all the response mechanisms it wants to use with that
> > endpoint.
> > > Anyway, lets assume we take out the text about "non presence means
> > > prohibition". if someone puts int "AnonymousResponses" nested
> > > assertion in an addressing assertion and it is a
> > requirement, that is
> > > saying that other type of responses cannot be used (since
> > anonymous is
> > > required for instances of responses). Thus to allow use of non
> > > anonymous responses and anonymous responses would require two
> > > alternative in the policy expression.
> > >
> > > If we have to deal with alternatives anyway to espress the
> > necessary
> > > semantics of replies in a policy expression, I do not see
> > the problem
> > > of having "non Presence" of the NonAnonymousResponses
> > > nested assertion in any alternative involving addressing assetion
> > > implying non-anonymous is prohibited. Just add another alternative
> > > which includes the nested assertion you want.
> > >
> > >
> > > Tom Rutt
> > >> - gp
> > >>
> > >>
> > >>> -----Original Message-----
> > >>> From: Tom Rutt [mailto:tom@coastin.com] Sent: Tuesday,
> > February 27,
> > >>> 2007 12:56 PM
> > >>> To: tom@coastin.com
> > >>> Cc: Doug Davis; wsrx
> > >>> Subject: Re: [ws-rx] I just posted a PR comment on MakeConnection
> > >>> Policy assertion
> > >>>
> > >>> Tom Rutt wrote:
> > >>>
> > >>>> Tom Rutt wrote:
> > >>>>
> > >>>>> Doug Davis wrote:
> > >>>>>
> > >>>> I now understand that your changes are required since make
> > >>> connection
> > >>>> can also be used for delivering requests.
> > >>>>
> > >>>> Thus I agree with our changes to my proposal.
> > >>>>
> > >>>> However we still need to discuss the need for a statement on Non
> > >>>> Presence implying prohibition.
> > >>>>
> > >>> After talking to some ws-policy experts, it seems that because
> > >>> MakeConnection is a first level policy assertion type, lack of
> > >>> presence of this assertion anywhere in a policy alternative says
> > >>> nothing about its use.
> > >>>
> > >>> The difference with ws addressing nested paramters is
> > that they are
> > >>> defined within the context of the first level assertion
> > "addressing"
> > >>> . This for these nested parameters, non presence within an
> > >>> asseretion of "addressing" policy implies prohibition of that
> > >>> alternative.
> > >>>
> > >>> The tricky part is if a policy has two alternatives, and one of
> > >>> those alternative includes the MakeConnection assertion,
> > that policy
> > >>> statement has introduced MakeConnection into the policy
> > vocabulary.
> > >>> In such a case, does absence in one of the assertions imply not
> > >>> using make connection?
> > >>>
> > >>> eg
> > >>>
> > >>> <wsp:Policy>
> > >>> <wsp:ExactlyOne>
> > >>> <wsp:All>
> > >>> <wsmc:MakeConnection/>
> > >>> </wsp:All>
> > >>> <wsp:All>
> > >>> <-- does this alternative prohibit use of MakeConnection?? -->
> > >>> </wsp:All>
> > >>> </wsp:ExactlyOne>
> > >>> </wsp:Policy>
> > >>>
> > >>>
> > >>>> This discsussion needs to distinguish an endpoint which
> > has
> > >>> no policy
> > >>>> statement attached, from one which has policy attached,
> > but
> > >>> does not
> > >>>> include the makeConnection assertion in any alternative.
> > >>>>
> > >>>>>> Tom,
> > >>>>>> you proposed:
> > >>>>>> Change lines 327 - 329 from:
> > >>>>>> "
> > >>>>>> The MakeConnection policy assertion indicates that the
> >
> > >>> MakeConnection
> > >>>
> > >>>>>> protocol (operation and the use of the MakeConnection
> > URI
> > >>> template in
> > >>>
> > >>>>>> EndpointReferences) is supported. This assertion has
> > >>> Endpoint Policy
> > >>>
> > >>>>>> Subject [WS-PolicyAttachment].
> > >>>>>> "
> > >>>>>> To
> > >>>>>> "
> > >>>>>> The MakeConnection policy assertion indicates that the
> >
> > >>> MakeConnection
> > >>>
> > >>>>>> protocol (operation and the use of the MakeConnection
> > URI
> > >>> template in
> > >>>
> > >>>>>> EndpointReferences) is required for instances of replies. This
> > >>>>>> assertion has Endpoint Policy Subject [WS-PolicyAttachment].
> > >>>>>> "
> > >>>>>> Since MC doesn't talk about any EPR in particular I
> > think
> > >>> it would
> > >>>>>> make more sense to reword as:
> > >>>>>> "
> > >>>>>> The MakeConnection policy assertion indicates that the
> >
> > >>> MakeConnection
> > >>>
> > >>>>>> protocol (operation and the use of the MakeConnection
> > URI
> > >>> template in
> > >>>
> > >>>>>> EndpointReferences) is required for messages from this
> >
> > >>> endpoint. This
> > >>>
> > >>>>>> assertion has Endpoint Policy Subject [WS-PolicyAttachment].
> > >>>>>>
> > >>>>> your wording removed "required for instances of
> > replies". Is this
> > >>>>> because you wish it to be used for requests as well.?
> > >>>>>
> > >>>>>> "
> > >>>>>> And then you suggested:
> > >>>>>> Change line 334 from:
> > >>>>>> "
> > >>>>>> A policy assertion that specifies that the
> > MakeConnection
> > >>> protocol is
> > >>>
> > >>>>>> supported.
> > >>>>>> "
> > >>>>>> To
> > >>>>>> "
> > >>>>>> A policy assertion that specifies that the
> > MakeConnection
> > >>> protocol is
> > >>>
> > >>>>>> required for instances of replies from an endpoint.
> > >>>>>> "
> > >>>>>> And I would suggest this instead:
> > >>>>>> "
> > >>>>>> A policy assertion that specifies that the
> > MakeConnection
> > >>> protocol is
> > >>>
> > >>>>>> required for instances of messages from this endpoint.
> > >>>>>> "
> > >>>>>>
> > >>>>>>
> > >>>>> same question, I assumed makeConnection is for
> > responses, are you
> > >>>>> are pointing out it can also be used for requests?
> > >>>>> Tom
> > >>>>>
> > >>>>>> As to Paul's question of severity of this change, it
> > >>> would seem that
> > >>>
> > >>>>>> your text is still consistent with the intent of the
> > >>> original text,
> > >>>
> > >>>>>> as such it seems like a non-substantive change. Would
> > you agree?
> > >>>>>>
> > >>>>>> thanks
> > >>>>>> -Doug
> > >>>>>> ______________________________________________________
> > >>>>>> STSM | Web Services Architect | IBM Software Group
> > >>>>>> (919) 254-6905 | IBM T/L 444-6905 | dug@us.ibm.com
> > >>>>>>
> > >>>>>>
> > >>>>> ----------------------------------------------------
> > >>>>> Tom Rutt email: tom@coastin.com; trutt@us.fujitsu.com
> > >>>>> Tel: +1 732 801 5744 Fax: +1 732 774 5133
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>
> > >>> --
> > >>> ----------------------------------------------------
> > >>> Tom Rutt email: tom@coastin.com; trutt@us.fujitsu.com
> > >>> Tel: +1 732 801 5744 Fax: +1 732 774 5133
> > >>>
> > >>>
> > >>>
> > >>>
> > >
> >
> > --
> > ----------------------------------------------------
> > Tom Rutt email: tom@coastin.com; trutt@us.fujitsu.com
> > Tel: +1 732 801 5744 Fax: +1 732 774 5133
> >
> >
> >
Received on Thursday, 1 March 2007 20:00:01 UTC