- From: Asir Vedamuthu via cvs-syncmail <cvsmail@w3.org>
- Date: Wed, 30 Aug 2006 00:38:13 +0000
- To: public-ws-policy-eds@w3.org
Update of /sources/public/2006/ws/policy In directory hutz:/tmp/cvs-serv6465 Modified Files: ws-policy-primer.html ws-policy-primer.xml ws-policy-framework.xml ws-policy-framework.html ws-policy-attachment.html ws-policy-attachment.xml Log Message: Implemented the resolution for issue 3561: replaced URI with IRI. Index: ws-policy-primer.html =================================================================== RCS file: /sources/public/2006/ws/policy/ws-policy-primer.html,v retrieving revision 1.6 retrieving revision 1.7 diff -u -d -r1.6 -r1.7 --- ws-policy-primer.html 28 Aug 2006 05:00:10 -0000 1.6 +++ ws-policy-primer.html 30 Aug 2006 00:38:10 -0000 1.7 @@ -1,4 +1,4 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd"> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html lang="en-US"><head><META http-equiv="Content-Type" content="text/html; charset=utf-8"><title>Web Services Policy 1.5 - Primer</title><style type="text/css"> code { font-family: monospace; } @@ -47,7 +47,7 @@ div.exampleWrapper { margin: 4px } div.exampleHeader { font-weight: bold; margin: 4px} -</style><link rel="stylesheet" type="text/css" href="http://www.w3.org/StyleSheets/TR/base.css"><link rel="contents" href="#contents"></head><body> +</style><link type="text/css" rel="stylesheet" href="http://www.w3.org/StyleSheets/TR/base.css"><link href="#contents" rel="contents"></head><body> <div class="head"> <h1>Web Services Policy 1.5 - Primer</h1> <h2>Editors' copy $Date$ @@ @@@@ @@@@</h2><dl><dt>This version:</dt><dd> @@ -72,7 +72,7 @@ no official standing.</strong></p><p></p></div> <hr><div class="toc"> <h2><a name="contents">Table of Contents</a></h2><p class="toc">1. <a href="#introduction">Introduction</a><br>2. <a href="#basic-concepts-policy-expression">Basic Concepts: Policy Expression</a><br> 2.1 <a href="#web-services-policy">Web Services Policy</a><br> 2.2 <a href="#simple-message">Simple Message</a><br> 2.3 <a href="#secure-message">Secure Message</a><br> 2.4 <a href="#other-assertions">Other Assertions</a><br> 2.5 <a href="#combining-policy-assertions">Combining Policy Assertions</a><br> 2.6 <a href="#optional-policy-assertion">Optional Policy Assertion</a><br> 2.7 <a href="#nested-policy-expressions">Nested Policy Expressions</a><br> 2.8 <a href="#Referencing_Policy_Expressions">Referencing Policy Expressions</a><br> 2.9 <a href="#attaching-policy-expressions-to-wsdl">Attaching Policy Expresions to WSDL</a><br> 2.10 <a href="#policy-automates-web-services-interaction">Policy Automates Web Services Interaction</a><br>3. <a href="#advanced-concepts-1-policy-expression">Advanced Concepts I: Policy Expression</a><br> 3.1 <a href="#policy-expression">Policy Expression</a><br> 3.2 <a href="#normal-form-for-policy-expressions">Normal Form for Policy Expressions</a><br> 3.3 <a href="#policy-data-model">Policy Data Model</a><br> 3.4 <a href="#compatible-policies">Compatible Policies</a><br> 3.5 <a href="#attaching-policy-expressions-to-wsdl2">Attaching Policy Expressions to WSDL</a><br> 3.6 <a href="#combine-policies">Combine Policies</a><br> 3.7 <a href="#extensibility-and-versioning">Extensibility and Versioning</a><br>4. <a href="#advanced-concepts-2-policy-assertion-design">Advanced Concepts II: Policy Assertion Desin</a><br> 4.1 <a href="#role-of-policy-assertions">Role of Policy Assertions</a><br> 4.2 <a href="#parts-of-a-policy-assertion">Parts of a Policy Assertion</a><br> 4.3 <a href="#when-to-design-policy-assertions">When to design policy assertions?</a><br> 4.3.1 <a href="#opt-in-behavior">Opt-in behavior</a><br> 4.3.2 <a href="#shared-behavior">Shared behavior</a><br> 4.3.3 <a href="#visible-behavior">Visible behavior</a><br> 4.4 <a href="#guidelines-for-designing-assertions">Guidelines for Designing Assertions</a><br> 4.4.1 <a href="#optional-behaviors">Optional Behaviors</a><br> 4.4.2 <a href="#assertion-vs-assertion-parameter">Assertion vs. assertion parameter</a><br> &bsp; 4.4.3 <a href="#leveraging-nested-policy">Leveraging Nested Policy</a><br> 4.4.4 <a href="#minimal-approach">Minimal approach</a><br> 4.4.5 <a href="#QName_and_XML_Information_Set_representation">QName and XML Information Set representation</a><br> 4.4.6 <a href="#Policy_subject_and_attachment_points">Policy subject and attachment points</a><br> 4.4.7 <a href="#versioning-behaviors">Versioning behaviors</a><br> 4.5 <a href="#describing-policy-assertions">Describing Policy Assertions</a><br>5. <a href="#conclusion">Conclusion</a><br></p> -<h3><a name="appendix" id="appendix">Appendices</a></h3><p class="toc">A. <a href="#security-considerations">Security Considerations</a><br> A.1 <a href="#information-disclosure-threats">Information Disclosure Threats</a><br> A.2 <a href="#spoofing-and-tampering-threats">Spoofing and Tampering Threats</a><br> A.3 <a href="#downgrade-threats">Downgrade Threats</a><br> A.4 <a href="#repudiation-threats">Repudiation Threats</a><br> A.5 <a href="#denial-of-service-threats">Denial of Service Threats</a><br> A.6 <a href="#general-xml-considerations">General XML Considerations</a><br>B. <a href="#xml-namespaces">XML Namespaces</a><br>C. <a href="#references">References</a><br>D. <a href="#acknowledgments">Acknowledgements</a> (Non-Normative)<br>E. <a href="#change-description">Changes in this Version of the Document</a> (Non-Normative)<br>F. <a href="#change-log">Web Services Plicy 1.5 - Primer Change Log</a> (Non-Normative)<br></p></div><hr><div class="body"> +<h3><a id="appendix" name="appendix">Appendices</a></h3><p class="toc">A. <a href="#security-considerations">Security Considerations</a><br> A.1 <a href="#information-disclosure-threats">Information Disclosure Threats</a><br> A.2 <a href="#spoofing-and-tampering-threats">Spoofing and Tampering Threats</a><br> A.3 <a href="#downgrade-threats">Downgrade Threats</a><br> A.4 <a href="#repudiation-threats">Repudiation Threats</a><br> A.5 <a href="#denial-of-service-threats">Denial of Service Threats</a><br> A.6 <a href="#general-xml-considerations">General XML Considerations</a><br>B. <a href="#xml-namespaces">XML Namespaces</a><br>C. <a href="#references">References</a><br>D. <a href="#acknowledgments">Acknowledgements</a> (Non-Normative)<br>E. <a href="#change-description">Changes in this Version of the Document</a> (Non-Normative)<br>F. <a href="#change-log">Web Services Plicy 1.5 - Primer Change Log</a> (Non-Normative)<br></p></div><hr><div class="body"> <div class="div1"> <h2><a name="introduction"></a>1. Introduction</h2> @@ -167,7 +167,7 @@ <h3><a name="simple-message"></a>2.2 Simple Message</h3> <p>Let us start by considering a SOAP Message in the example below.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 2-1. </span>SOAP Message</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 2-1. </span>SOAP Message</i></p> <div class="exampleInner"><pre><soap:Envelope> <soap:Header> <wsa:To>http://stock.contoso.com/realquote</wsa:To> @@ -207,7 +207,7 @@ <p>How does Contoso use policy to represent the use of addressing? The example below illustrates a policy expression that requires the use of addressing.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 2-2. </span>Policy Expression</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 2-2. </span>Policy Expression</i></p> <div class="exampleInner"><pre><Policy> <wsap:UsingAddressing /> </Policy></pre></div> @@ -235,7 +235,7 @@ <p>In addition to requiring the use of addressing, Contoso requires the use of transport-level security for protecting messages.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 2-3. </span>Secure Message</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 2-3. </span>Secure Message</i></p> <div class="exampleInner"><pre><soap:Envelope> <soap:Header> <wss:Security soap:mustUnderstand="1" > @@ -259,7 +259,7 @@ using a policy expression. The example below illustrates a policy expression that requires the use of addressing and transport-level security for securing messages.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 2-4. </span>Addressing and Security Policy Expression</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 2-4. </span>Addressing and Security Policy Expression</i></p> <div class="exampleInner"><pre><Policy> <wsap:UsingAddressing /> <sp:TransportBinding>...</sp:TransportBinding> @@ -349,7 +349,7 @@ policy assertions using the <code>Policy</code> or <code>All</code> operator means that all the behaviors represented by these assertions are required.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 2-5. </span>Addressing and Security Policy Expression</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 2-5. </span>Addressing and Security Policy Expression</i></p> <div class="exampleInner"><pre><All> <wsap:UsingAddressing /> <sp:TransportBinding>…</sp:TransportBinding> @@ -361,7 +361,7 @@ message-level security for protecting messages, Contoso uses the <code>sp:AsymmetricBinding</code> policy assertion (see the example below).</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 2-6. </span>Asymmetric Binding Security Policy Assertion</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 2-6. </span>Asymmetric Binding Security Policy Assertion</i></p> <div class="exampleInner"><pre><sp:AsymmetricBinding>…</sp:AsymmetricBinding></pre></div> </div> <p>The <code>sp:AsymmetricBinding</code> element is a policy assertion. (The prefix @@ -376,7 +376,7 @@ the assertions. The policy expression in the example below requires the use of either transport- or message-level security for protecting messages.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 2-7. </span>Transport- or Message-Level Security Policy Expression</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 2-7. </span>Transport- or Message-Level Security Policy Expression</i></p> <div class="exampleInner"><pre><ExactlyOne> <sp:TransportBinding>…</sp:TransportBinding> <sp:AsymmetricBinding>…</sp:AsymmetricBinding> @@ -389,7 +389,7 @@ policy expression in the example below requires the use of addressing and one of transport- or message-level security for protecting messages.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 2-8. </span>Addressing and Transport- OR Message-Level Security Policy Expression</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 2-8. </span>Addressing and Transport- OR Message-Level Security Policy Expression</i></p> <div class="exampleInner"><pre><All> <wsap:UsingAddressing /> <ExactlyOne> @@ -412,7 +412,7 @@ <p>To indicate the use of optimization using the Optimized MIME Serialization, Contoso uses the <code>mtom:OptimizedMimeSerialization</code> policy assertion (see the example below).</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 2-9. </span>Optimized MIME Serialization Policy Assertion</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 2-9. </span>Optimized MIME Serialization Policy Assertion</i></p> <div class="exampleInner"><pre><mtom:OptimizedMimeSerialization /></pre></div> </div> <p>The <code>mtom:OptimizedMimeSerialization</code> element is a policy assertion. (The @@ -432,7 +432,7 @@ optional. This policy expression allows the use of optimization and requires the use of addressing and one of transport- or message-level security.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 2-10. </span>Optional MIME Serialization, Addressing and Transport- OR Message-Level Security + <p class="exampleHead" style="text-align: left"><i><span>Example 2-10. </span>Optional MIME Serialization, Addressing and Transport- OR Message-Level Security Policy Expression</i></p> <div class="exampleInner"><pre><All> <mtom:OptimizedMimeSerialization wsp:Optional="true"/> @@ -479,7 +479,7 @@ behavior of the <code>sp:TransportBinding</code> policy assertion (which already requires the use of transport-level security for protecting messages).</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 2-11. </span>Transport Security Policy Assertion</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 2-11. </span>Transport Security Policy Assertion</i></p> <div class="exampleInner"><pre><sp:TransportBinding> <Policy> <sp:TransportToken> @@ -520,42 +520,42 @@ and requirements consistently across all of their offerings without duplicating policy expressions multiple times. How? It is simple - a policy expression can be named and referenced for re-use.</p> - <p>A policy expression may be identified by a URI and referenced for re-use as a standalone + <p>A policy expression may be identified by an IRI and referenced for re-use as a standalone policy or within another policy expression. There are two mechanisms to identify a policy expression: the <code>wsu:Id</code> and <code>Name</code> attributes. A <code>PolicyReference</code> element can be used to reference a policy expression identified using either of these mechanisms.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 2-12. </span>Common Policy Expression</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 2-12. </span>Common Policy Expression</i></p> <div class="exampleInner"><pre><Policy wsu:Id=”common”> <mtom:OptimizedMimeSerialization wsp:Optional="true"/> <wsap:UsingAddressing /> </Policy></pre></div> </div> <p>In the example above, the <code>wsu:Id</code> attribute is used to identify a policy - expression. The value of the <code>wsu:Id</code> attribute is an XML ID. The relative URI + expression. The value of the <code>wsu:Id</code> attribute is an XML ID. The relative IRI for referencing this policy expression (within the same document) is <code>#common</code>. - If the policy document URI is <code>http://real.contoso.com/policy.xml</code> then the - absolute URI for referencing this policy expression is - <code>http://real.contoso.com/policy.xml#common. (</code>The absolute URI is formed by - combining the document URI, <code>#</code> and the value of the <code>wsu:Id</code> + If the policy document IRI is <code>http://real.contoso.com/policy.xml</code> then the + absolute IRI for referencing this policy expression is + <code>http://real.contoso.com/policy.xml#common. (</code>The absolute IRI is formed by + combining the document IRI, <code>#</code> and the value of the <code>wsu:Id</code> attribute.)</p> <p>For re-use, a<code>PolicyReference</code> element can be used to reference a policy expression as a standalone policy or within another policy expression. The example below is a policy expression that re-uses the common policy expression above.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 2-13. </span>PolicyReference to Common Policy Expression</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 2-13. </span>PolicyReference to Common Policy Expression</i></p> <div class="exampleInner"><pre><PolicyReference URI="#common"/></pre></div> </div> <p>For referencing a policy expression within the same XML document, Contoso uses the - <code>wsu:Id</code> attribute for identifying a policy expression and a URI to this ID + <code>wsu:Id</code> attribute for identifying a policy expression and an IRI to this ID value for referencing this policy expression using a <code>PolicyReference</code> element.</p> <p>The example below is a policy expression that re-uses the common policy expression within another policy expression. This policy expression requires the use of addressing, one of transport- or message-level security for protecting messages and allows the use of optimization.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 2-14. </span>Secure Policy Expression</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 2-14. </span>Secure Policy Expression</i></p> <div class="exampleInner"><pre><Policy wsu:Id=”secure”> <All> <PolicyReference URI="#common"/> @@ -567,14 +567,14 @@ </Policy></pre></div> </div> <p>The <code>Name</code> attribute is an alternate mechanism to identify a policy - expression. The value of the <code>Name</code> attribute is an absolute URI and is + expression. The value of the <code>Name</code> attribute is an absolute IRI and is independent of the location of the XML document where the identified policy expression resides in. As such, referencing a policy expression using the <code>Name</code> attribute relies on additional out of band information. In the example below, the <code>Name</code> - attribute identifies the policy expression. The URI of this policy expression is + attribute identifies the policy expression. The IRI of this policy expression is <code>http://real.contoso.com/policy/common</code>.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 2-15. </span>Common Policy Expression</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 2-15. </span>Common Policy Expression</i></p> <div class="exampleInner"><pre><Policy Name=”http://real.contoso.com/policy/common”> <mtom:OptimizedMimeSerialization wsp:Optional="true"/> <wsap:UsingAddressing /> @@ -582,7 +582,7 @@ </div> <p>The example below is a policy expression that re-uses the common policy expression above.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 2-16. </span>PolicyReference to Common Policy Expression</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 2-16. </span>PolicyReference to Common Policy Expression</i></p> <div class="exampleInner"><pre><PolicyReference URI="http://real.contoso.com/policy/common"/></pre></div> </div> </div> @@ -604,7 +604,7 @@ description. This includes all the message exchanges described by operations in the <code>RealTimeDataInterface</code>.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 2-17. </span>Secure Policy Expression Attached to WSDL Binding</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 2-17. </span>Secure Policy Expression Attached to WSDL Binding</i></p> <div class="exampleInner"><pre><wsdl:binding name="SecureBinding" type="tns:RealTimeDataInterface" > <PolicyReference URI="#secure" /> <wsdl:operation name="GetRealQuote">…</wsdl:operation> @@ -619,7 +619,7 @@ security for these services, but requires the use of addressing and allows the use of optimization.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 2-18. </span>Open Policy Expression Attached to WSDL Binding</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 2-18. </span>Open Policy Expression Attached to WSDL Binding</i></p> <div class="exampleInner"><pre><wsdl:binding name="OpenBinding" type="tns:DelayedDataInterface" > <PolicyReference URI="#common" /> <wsdl:operation name="GetDelayedQuote">…</wsdl:operation> @@ -713,7 +713,7 @@ <p>Let us take a closer look at Contoso’s policy expression (see below) from the previous section.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 3-1. </span>Contoso’s Secure Policy Expression</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 3-1. </span>Contoso’s Secure Policy Expression</i></p> <div class="exampleInner"><pre><Policy> <All> <mtom:OptimizedMimeSerialization wsp:Optional="true"/> @@ -741,7 +741,7 @@ <p>The normal form uses a subset of constructs used in the compact form and follows a simple outline for its XML representation:</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 3-2. </span>Normal Form for Policy Expressions</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 3-2. </span>Normal Form for Policy Expressions</i></p> <div class="exampleInner"><pre><Policy> <ExactlyOne> <All> @@ -770,7 +770,7 @@ policy alternatives: one that requires the use of transport-level security and the other that requires the use of message-level security for protecting messages.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 3-3. </span>Transport- or Message-Level Security Policy Expression in Normal Form</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 3-3. </span>Transport- or Message-Level Security Policy Expression in Normal Form</i></p> <div class="exampleInner"><pre><Policy> <ExactlyOne> <All> @@ -803,7 +803,7 @@ </li> </ol> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 3-4. </span>Contoso’s Secure Policy Expression in Compact Form</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 3-4. </span>Contoso’s Secure Policy Expression in Compact Form</i></p> <div class="exampleInner"><pre><Policy wsu:Id=”secure”> <All> <PolicyReference URI=”#common”/> @@ -826,7 +826,7 @@ four policy alternatives in the normal form. These alternatives map to bullets (a) through (d) above.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 3-5. </span>Contoso’s Policy Expression in Normal Form</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 3-5. </span>Contoso’s Policy Expression in Normal Form</i></p> <div class="exampleInner"><pre><Policy> <ExactlyOne> <All> <!-- - - - - - - - - - - - - - Policy Alternative (a) --> @@ -864,27 +864,27 @@ are:</p> <ul> <li> - <p>Do nothing. A policy expression with the referenced URI is already known to be + <p>Do nothing. A policy expression with the referenced IRI is already known to be available in a local cache or chip (embedded systems).</p> </li> <li> - <p>Use the referenced URI and retrieve an existing policy expression from the containing + <p>Use the referenced IRI and retrieve an existing policy expression from the containing XML document: a policy element with an XML ID.</p> </li> <li> - <p>Use the referenced URI and retrieve a policy expression from some policy repository + <p>Use the referenced IRI and retrieve a policy expression from some policy repository (local or remote) or catalog. Policy tools may use any protocols (say Web Services Metadata Exchange) for such metadata retrieval. These protocols may require additional out of band information.</p> </li> <li> - <p>Attempt to resolve the referenced URI on the Web. This may resolve to a policy + <p>Attempt to resolve the referenced IRI on the Web. This may resolve to a policy element or a resource that contains a policy element.</p> </li> </ul> <p>If the referenced policy expression is in the same XML document as the reference, then the policy expression should be identified using the <code>wsu:Id</code> (XML ID) - attribute and referenced using a URI reference to this XML ID value.</p> + attribute and referenced using an IRI reference to this XML ID value.</p> </div> <div class="div2"> @@ -899,7 +899,7 @@ requirements or conditions for an interaction. In simple words, each policy alternative represents a set of conditions for an interaction. The diagram below describes the policy data model.</p> - <div class="figure" style="text-align: center"><br><img src="ws-policy-data-model.jpg" alt="WS-Policy Data Model"><p style="text-align:left"><i><span>Figure 3-1. </span>WS-Policy Data Model</i></p><br></div> + <div style="text-align: center" class="figure"><br><img src="ws-policy-data-model.jpg" alt="WS-Policy Data Model"><p style="text-align:left"><i><span>Figure 3-1. </span>WS-Policy Data Model</i></p><br></div> <p>A policy-aware client uses a policy to determine whether one of these policy alternatives (i.e. the conditions for an interaction) can be met in order to interact with the associated Web Service. Such clients may choose any of these policy alternatives and must @@ -953,7 +953,7 @@ </ul> <p>The diagram below describes this mapping from the normal form of a policy expression to the policy data model.</p> - <div class="figure" style="text-align: center"><br><img src="normal-form-2-data-model.jpg" alt="Mapping from Normal Form to Policy Data Model"><p style="text-align:left"><i><span>Figure 3-2. </span>Mapping from Normal Form to Policy Data Model</i></p><br></div> + <div style="text-align: center" class="figure"><br><img src="normal-form-2-data-model.jpg" alt="Mapping from Normal Form to Policy Data Model"><p style="text-align:left"><i><span>Figure 3-2. </span>Mapping from Normal Form to Policy Data Model</i></p><br></div> </div> <div class="div2"> @@ -967,7 +967,7 @@ policy alternatives. Of them, one of the policy alternatives requires the use of addressing and transport-level security.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 3-6. </span>Contoso’s Policy Expression</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 3-6. </span>Contoso’s Policy Expression</i></p> <div class="exampleInner"><pre><Policy> <ExactlyOne> <All> <!-- - - - - - - - - - Contoso’s Policy Alternative (a) --> @@ -986,7 +986,7 @@ contains one policy alternative that requires the use of addressing and transport-level security.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 3-7. </span>Tony’s Policy Expression in Normal Form</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 3-7. </span>Tony’s Policy Expression in Normal Form</i></p> <div class="exampleInner"><pre><Policy> <ExactlyOne> <All> <!-- - - - - - - - - - - - - - Tony’s Policy Alternative --> @@ -1039,7 +1039,7 @@ subjects: message, operation, endpoint and service. When attached, capabilities and requirements represented by a policy expression apply to a message exchange or message associated with (or described by) a policy subject.</p> - <div class="figure" style="text-align: center"><br><img src="policy-subjects-in-wsdl.jpg" alt="Policy Subjects and Effective Policy in WSDL"><p style="text-align:left"><i><span>Figure 3-3. </span>Policy Subjects and Effective Policy in WSDL</i></p><br></div> + <div style="text-align: center" class="figure"><br><img src="policy-subjects-in-wsdl.jpg" alt="Policy Subjects and Effective Policy in WSDL"><p style="text-align:left"><i><span>Figure 3-3. </span>Policy Subjects and Effective Policy in WSDL</i></p><br></div> <p>The WSDL <code>service</code> element represents the service policy subject. Policy expressions associated with a service policy subject apply to any message exchange using any of the endpoints offered by that service.</p> @@ -1060,7 +1060,7 @@ that message.</p> <p>In the example below, the policy expression is attached to an endpoint policy subject.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 3-8. </span>Contoso’s Policy Expression Attached to WSDL binding Element</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 3-8. </span>Contoso’s Policy Expression Attached to WSDL binding Element</i></p> <div class="exampleInner"><pre><wsdl:binding name="SecureBinding" type="tns:RealTimeDataInterface" > <PolicyReference URI="#secure" /> <wsdl:operation name="GetRealQuote">…</wsdl:operation> @@ -1108,7 +1108,7 @@ attached to the <code>SecureBinding</code> WSDL binding and<code>RealTimeDataPort</code> WSDL port descriptions.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 3-9. </span>Multiple Policy Expressions Attached to Endpoint Policy Subject </i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 3-9. </span>Multiple Policy Expressions Attached to Endpoint Policy Subject </i></p> <div class="exampleInner"><pre><Policy wsu:Id=”common2”> <mtom:OptimizedMimeSerialization wsp:Optional="true"/> <wsap:UsingAddressing /> @@ -1153,7 +1153,7 @@ words, the combination of two policies is the cross product of alternatives in these two policies.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 3-10. </span>Effective Policy of the Endpoint Policy Subject in the Previous Example</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 3-10. </span>Effective Policy of the Endpoint Policy Subject in the Previous Example</i></p> <div class="exampleInner"><pre><Policy> <All> <Policy> @@ -1194,7 +1194,7 @@ <p>The example below represents a Contoso version 1 policy expression. This expression requires the use of addressing and transport-level security for protecting messages. </p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 3-11. </span>Contoso’s Version 1 Policy Expression</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 3-11. </span>Contoso’s Version 1 Policy Expression</i></p> <div class="exampleInner"><pre><Policy> <ExactlyOne> <All> @@ -1214,7 +1214,7 @@ clients have the option to migrate from using old policy alternatives to new policy alternatives.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 3-12. </span>Contoso’s Version 2 Policy Expression</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 3-12. </span>Contoso’s Version 2 Policy Expression</i></p> <div class="exampleInner"><pre><Policy> <ExactlyOne> <All> @@ -1307,7 +1307,7 @@ <p>Let us look at the anatomy of a policy assertion from the security domain. The policy expression in the diagram below uses the <code>sp:IssuedToken</code> policy assertion. This assertion illustrates the use of assertion parameters and nested policy.</p> - <div class="figure" style="text-align: center"><br><img src="policy-assertion.jpg" alt="sp:IssuedToken Policy Assertion"><p style="text-align:left"><i><span>Figure 4-1. </span>sp:IssuedToken Policy Assertion</i></p><br></div> + <div style="text-align: center" class="figure"><br><img src="policy-assertion.jpg" alt="sp:IssuedToken Policy Assertion"><p style="text-align:left"><i><span>Figure 4-1. </span>sp:IssuedToken Policy Assertion</i></p><br></div> <p>The <code>sp:IssuedToken</code> element is a policy assertion that identifies the use of a security token – such as SAML token - issued by a third party for protecting messages. A policy assertion is an XML element. The QName of this element represents the behavior @@ -1490,7 +1490,7 @@ additional useful information for engaging the behavior that is irrelevant to compatibility tests.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 4-1. </span>Policy Assertion with Assertion Parameters</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 4-1. </span>Policy Assertion with Assertion Parameters</i></p> <div class="exampleInner"><pre><Policy> <sp:SignedParts> <sp:Body /> @@ -1606,7 +1606,7 @@ Such equivalent behaviors can be modeled as independent assertions. The policy expression in the example below requires the use of WSS: SOAP Message Security 1.0.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 4-2. </span>Message-level Security and WSS: SOAP Message Security 1.0</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 4-2. </span>Message-level Security and WSS: SOAP Message Security 1.0</i></p> <div class="exampleInner"><pre><Policy> <sp:Wss10>…</sp:Wss10> </Policy></pre></div> @@ -1615,7 +1615,7 @@ Security 1.1. These are multiple equivalent behaviors and are represented using distinct policy assertions.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 4-3. </span>Message-level Security and WSS: SOAP Message Security 1.1</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 4-3. </span>Message-level Security and WSS: SOAP Message Security 1.1</i></p> <div class="exampleInner"><pre><Policy> <sp:Wss11>…</sp:Wss11> </Policy></pre></div> @@ -1728,7 +1728,7 @@ policy alternatives, number of assertions in an alternative, depth of nested policy expressions, etc.</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example A-1. </span>Chained Policy Reference Elements</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example A-1. </span>Chained Policy Reference Elements</i></p> <div class="exampleInner"><pre><Policy wsu:Id="p1"> <PolicyReference URI="#p2"/ > <PolicyReference URI="#p2"/> @@ -1994,9 +1994,7 @@ <h2><a name="change-description"></a>E. Changes in this Version of the Document (Non-Normative)</h2> <p>A list of substantive changes since the previous publication is below:</p> <ul> - <li> - <p>TBD</p> - </li> + <li><p>Replaced URI with IRI.</p></li> </ul> </div> <div class="div1"> @@ -2016,6 +2014,15 @@ <td rowspan="1" colspan="1">Created first draft per action item <a href="http://www.w3.org/2006/07/12-ws-policy-minutes.html#action02">2</a> from the Austin F2F. This draft is based on a <a href="http://lists.w3.org/Archives/Public/public-ws-policy/2006Jul/0001.html">contribution</a> from Microsoft.</td> </tr> + <tr> + <td rowspan="1" colspan="1">20060829</td> + <td rowspan="1" colspan="1">ASV</td> + <td rowspan="1" colspan="1">Implemented the + <a href="http://www.w3.org/2006/08/23-ws-policy-minutes.html#action06">resolution</a> + for issue + <a href="http://www.w3.org/Bugs/Public/show_bug.cgi?id=3561">3561</a>: replaced URI with IRI. + </td> + </tr> </tbody> </table><br> </div> Index: ws-policy-primer.xml =================================================================== RCS file: /sources/public/2006/ws/policy/ws-policy-primer.xml,v retrieving revision 1.4 retrieving revision 1.5 diff -u -d -r1.4 -r1.5 --- ws-policy-primer.xml 17 Aug 2006 15:53:13 -0000 1.4 +++ ws-policy-primer.xml 30 Aug 2006 00:38:11 -0000 1.5 @@ -507,7 +507,7 @@ and requirements consistently across all of their offerings without duplicating policy expressions multiple times. How? It is simple - a policy expression can be named and referenced for re-use.</p> - <p>A policy expression may be identified by a URI and referenced for re-use as a standalone + <p>A policy expression may be identified by an IRI and referenced for re-use as a standalone policy or within another policy expression. There are two mechanisms to identify a policy expression: the <code>wsu:Id</code> and <code>Name</code> attributes. A <code>PolicyReference</code> element can be used to reference a policy expression @@ -520,12 +520,12 @@ </Policy></eg> </example> <p>In the example above, the <code>wsu:Id</code> attribute is used to identify a policy - expression. The value of the <code>wsu:Id</code> attribute is an XML ID. The relative URI + expression. The value of the <code>wsu:Id</code> attribute is an XML ID. The relative IRI for referencing this policy expression (within the same document) is <code>#common</code>. - If the policy document URI is <code>http://real.contoso.com/policy.xml</code> then the - absolute URI for referencing this policy expression is - <code>http://real.contoso.com/policy.xml#common. (</code>The absolute URI is formed by - combining the document URI, <code>#</code> and the value of the <code>wsu:Id</code> + If the policy document IRI is <code>http://real.contoso.com/policy.xml</code> then the + absolute IRI for referencing this policy expression is + <code>http://real.contoso.com/policy.xml#common. (</code>The absolute IRI is formed by + combining the document IRI, <code>#</code> and the value of the <code>wsu:Id</code> attribute.)</p> <p>For re-use, a<code>PolicyReference</code> element can be used to reference a policy expression as a standalone policy or within another policy expression. The example below @@ -535,7 +535,7 @@ <eg xml:space="preserve"><PolicyReference URI="#common"/></eg> </example> <p>For referencing a policy expression within the same XML document, Contoso uses the - <code>wsu:Id</code> attribute for identifying a policy expression and a URI to this ID + <code>wsu:Id</code> attribute for identifying a policy expression and an IRI to this ID value for referencing this policy expression using a <code>PolicyReference</code> element.</p> <p>The example below is a policy expression that re-uses the common policy expression within another policy expression. This policy expression requires the use of addressing, one of @@ -554,11 +554,11 @@ </Policy></eg> </example> <p>The <code>Name</code> attribute is an alternate mechanism to identify a policy - expression. The value of the <code>Name</code> attribute is an absolute URI and is + expression. The value of the <code>Name</code> attribute is an absolute IRI and is independent of the location of the XML document where the identified policy expression resides in. As such, referencing a policy expression using the <code>Name</code> attribute relies on additional out of band information. In the example below, the <code>Name</code> - attribute identifies the policy expression. The URI of this policy expression is + attribute identifies the policy expression. The IRI of this policy expression is <code>http://real.contoso.com/policy/common</code>.</p> <example> <head>Common Policy Expression</head> @@ -846,27 +846,27 @@ are:</p> <ulist> <item> - <p>Do nothing. A policy expression with the referenced URI is already known to be + <p>Do nothing. A policy expression with the referenced IRI is already known to be available in a local cache or chip (embedded systems).</p> </item> <item> - <p>Use the referenced URI and retrieve an existing policy expression from the containing + <p>Use the referenced IRI and retrieve an existing policy expression from the containing XML document: a policy element with an XML ID.</p> </item> <item> - <p>Use the referenced URI and retrieve a policy expression from some policy repository + <p>Use the referenced IRI and retrieve a policy expression from some policy repository (local or remote) or catalog. Policy tools may use any protocols (say Web Services Metadata Exchange) for such metadata retrieval. These protocols may require additional out of band information.</p> </item> <item> - <p>Attempt to resolve the referenced URI on the Web. This may resolve to a policy + <p>Attempt to resolve the referenced IRI on the Web. This may resolve to a policy element or a resource that contains a policy element.</p> </item> </ulist> <p>If the referenced policy expression is in the same XML document as the reference, then the policy expression should be identified using the <code>wsu:Id</code> (XML ID) - attribute and referenced using a URI reference to this XML ID value.</p> + attribute and referenced using an IRI reference to this XML ID value.</p> </div2> <div2 id="policy-data-model"> <head>Policy Data Model</head> @@ -1949,9 +1949,7 @@ <head>Changes in this Version of the Document</head> <p>A list of substantive changes since the previous publication is below:</p> <ulist> - <item> - <p>TBD</p> - </item> + <item><p>Replaced URI with IRI.</p></item> </ulist> </inform-div1> <inform-div1 id="change-log"> @@ -1979,6 +1977,15 @@ href="http://lists.w3.org/Archives/Public/public-ws-policy/2006Jul/0001.html" >contribution</loc> from Microsoft.</td> </tr> + <tr> + <td>20060829</td> + <td>ASV</td> + <td>Implemented the + <loc href="http://www.w3.org/2006/08/23-ws-policy-minutes.html#action06">resolution</loc> + for issue + <loc href="http://www.w3.org/Bugs/Public/show_bug.cgi?id=3561">3561</loc>: replaced URI with IRI. + </td> + </tr> </tbody> </table> </inform-div1> Index: ws-policy-framework.xml =================================================================== RCS file: /sources/public/2006/ws/policy/ws-policy-framework.xml,v retrieving revision 1.28 retrieving revision 1.29 diff -u -d -r1.28 -r1.29 --- ws-policy-framework.xml 28 Aug 2006 20:12:22 -0000 1.28 +++ ws-policy-framework.xml 30 Aug 2006 00:38:11 -0000 1.29 @@ -628,8 +628,8 @@ <head>Policy Identification</head> <p>A <termref def='policy_expression'>policy expression</termref> -<rfc2119>MAY</rfc2119> be associated with a URI [<bibref ref='RFC3986'/>]. The schema outline -for attributes to associate a URI is as follows:</p> +<rfc2119>MAY</rfc2119> be associated with an IRI [<bibref ref='RFC3987'/>]. The schema outline +for attributes to associate an IRI is as follows:</p> <eg xml:space="preserve"><wsp:Policy ( Name="<emph>xs:anyURI</emph>" )? ( wsu:Id="<emph>xs:ID</emph>" | xml:id="<emph>xs:ID</emph>" )? @@ -639,18 +639,18 @@ <p>The following describes the Attribute Information Items listed and defined in the schema outline above:</p> <glist><gitem> <label><att>/wsp:Policy/@Name</att></label> -<def><p>The identity of the policy expression as an absolute URI [<bibref ref='RFC3986'/>]. If -omitted, there is no implied value. This URI <rfc2119>MAY</rfc2119> be +<def><p>The identity of the policy expression as an absolute IRI [<bibref ref='RFC3987'/>]. If +omitted, there is no implied value. This IRI <rfc2119>MAY</rfc2119> be used to refer to a policy from other XML documents using a <termref def='policy_attachment'>policy attachment</termref> mechanism such as those defined in WS-PolicyAttachment [<bibref ref="WS-PolicyAttachment"/>]. </p></def> </gitem> <gitem> -<label><att>/wsp:Policy/{@wsu:Id | @xml:id}</att></label> +<label><att>/wsp:Policy/(@wsu:Id | @xml:id)</att></label> <def><p>The identity of the policy expression as an <code>ID</code> within the enclosing XML document. If omitted, there is no implied value. To -refer to this policy expression, a URI-reference +refer to this policy expression, an IRI-reference <rfc2119>MAY</rfc2119> be formed using this value per Section 4.2 of WS-Security [<bibref ref="WS-Security" />] when @wsu:Id is used.</p> <p>The use of <code>xml:id</code> attribute in conjunction with Canonical XML 1.0 is @@ -663,7 +663,7 @@ </glist> <p>The following example illustrates how to associate a policy -expression with the absolute URI +expression with the absolute IRI <code>"http://www.example.com/policies/P1"</code>:</p> <eg xml:space="preserve">(01) <wsp:Policy @@ -671,7 +671,7 @@ xmlns:wsp="&nsuri;" > (02) <!-- Details omitted for readability --> (03) </wsp:Policy></eg> -<p>The following example illustrates how to associate a policy expression with the URI-reference <code>"#P1"</code>:</p> +<p>The following example illustrates how to associate a policy expression with the IRI-reference <code>"#P1"</code>:</p> <eg xml:space="preserve">(01) <wsp:Policy wsu:Id="P1" xmlns:wsp="&nsuri;" @@ -1134,7 +1134,15 @@ </gitem> <gitem> <label><att>/wsp:Policy/…/wsp:PolicyReference/@URI</att></label> -<def><p>This attribute references a policy expression by URI. For a policy expression within the same XML Document, the reference <rfc2119>SHOULD</rfc2119> be a URI-reference to a policy expression identified by an <code>ID</code>. For an external policy expression, there is no requirement that the URI be resolvable; retrieval mechanisms are beyond the scope of this specification. After retrieval, there is no requirement to check that the retrieved policy expression is associated (Section <specref ref="Policy_Identification"/>) with this URI. The URI included in the retrieved policy expression, if any, <rfc2119>MAY</rfc2119> be different than the URI used to retrieve the policy expression. </p></def> +<def><p>This attribute references a policy expression by an IRI. For a policy +expression within the same XML Document, the reference <rfc2119>SHOULD</rfc2119> be an +IRI-reference to a policy expression identified by an <code>ID</code>. +For an external policy expression, there is no requirement that the IRI +be resolvable; retrieval mechanisms are beyond the scope of this specification. +After retrieval, there is no requirement to check that the retrieved policy +expression is associated (Section <specref ref="Policy_Identification"/>) with this IRI. +The IRI included in the retrieved policy expression, if any, <rfc2119>MAY</rfc2119> be +different than the IRI used to retrieve the policy expression. </p></def> </gitem> <gitem> <label><att>/wsp:Policy/…/wsp:PolicyReference/@Digest</att></label> @@ -1328,12 +1336,12 @@ Engineering Task Force, June 1999. Available at http://www.ietf.org/rfc/rfc2119.txt. </bibl> - <bibl key="IETF RFC 3986" href="http://www.ietf.org/rfc/rfc3986.txt" id="RFC3986"> - <titleref>Uniform Resource Identifier (URI): Generic - Syntax</titleref>, T. Berners-Lee, R. Fielding, and - L. Masinter, Authors. Internet Engineering Task Force, + <bibl key="IETF RFC 3987" href="http://www.ietf.org/rfc/rfc3987.txt" id="RFC3987"> + <titleref>Internationalized Resource Identifiers (IRIs) + </titleref>, M. Duerst and M. Suignard, + Authors. Internet Engineering Task Force, January 2005. Available at - http://www.ietf.org/rfc/rfc3986.txt. + http://www.ietf.org/rfc/rfc3987.txt. </bibl> <bibl id="WS-Security" key="WS-Security 2004" href="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf"> <titleref>Web Services Security: SOAP Message Security 1.0 @@ -1522,7 +1530,9 @@ <p>A list of substantive changes since the Working Draft dated 31 July 2006 is below:</p> <ulist> - <item><p>TBD</p></item> + <item><p>Added support for the <code>xml:id</code> attribute.</p></item> + <item><p>Added an empty conformance section.</p></item> + <item><p>Replaced URI with IRI.</p></item> </ulist> </inform-div1> <inform-div1 id="change-log"> @@ -1669,6 +1679,15 @@ <loc href="http://www.w3.org/Bugs/Public/show_bug.cgi?id=3590">3590</loc>. for adding document attribute extensbility of wsp:Policy/@{any} and wsp:Policy/.../wsp:PolicyReference/@{any} </td> + </tr> + <tr> + <td>20060829</td> + <td>ASV</td> + <td>Implemented the + <loc href="http://www.w3.org/2006/08/23-ws-policy-minutes.html#action06">resolution</loc> + for issue + <loc href="http://www.w3.org/Bugs/Public/show_bug.cgi?id=3561">3561</loc>: replaced URI with IRI. + </td> </tr> </tbody> </table> Index: ws-policy-attachment.html =================================================================== RCS file: /sources/public/2006/ws/policy/ws-policy-attachment.html,v retrieving revision 1.33 retrieving revision 1.34 diff -u -d -r1.33 -r1.34 --- ws-policy-attachment.html 28 Aug 2006 05:00:10 -0000 1.33 +++ ws-policy-attachment.html 30 Aug 2006 00:38:11 -0000 1.34 @@ -1,4 +1,4 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd"> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html lang="en-US"><head><META http-equiv="Content-Type" content="text/html; charset=utf-8"><title>Web Services Policy 1.5 - Attachment</title><style type="text/css"> code { font-family: monospace; } @@ -47,7 +47,7 @@ div.exampleWrapper { margin: 4px } div.exampleHeader { font-weight: bold; margin: 4px} -</style><link rel="stylesheet" type="text/css" href="http://www.w3.org/StyleSheets/TR/base.css"><link rel="contents" href="#contents"></head><body> +</style><link type="text/css" rel="stylesheet" href="http://www.w3.org/StyleSheets/TR/base.css"><link href="#contents" rel="contents"></head><body> <div class="head"> <h1>Web Services Policy 1.5 - Attachment</h1> <h2>Editors' copy $Date$ @@ @@@@ @@@@</h2><dl><dt>This version:</dt><dd> @@ -75,7 +75,7 @@ no official standing.</strong></p><p></p></div> <hr><div class="toc"> <h2><a name="contents">Table of Contents</a></h2><p class="toc">1. <a href="#tocRange">Introduction</a><br>2. <a href="#NotationsTerminology">Notations and Terminology</a><br> 2.1 <a href="#NotationalConventions">Notational Conventions</a><br> 2.2 <a href="#XMLNamespaces">XML Namespaces</a><br> 2.3 <a href="#Glossary">Terminology</a><br> 2.4 <a href="#Example">Example</a><br>3. <a href="#rPolicyAttachment">Policy Attachment</a><br> 3.1 <a href="#rEffectivePolicy">Effective Policy</a><br> 3.2 <a href="#PolicyAttachmentMechanisms">Policy Attachment Mechanisms</a><br> 3.3 <a href="#XMLElementAttachement">XML Element Attachment</a><br> 3.4 <a href="#ExternalPolicyAttachment">External Policy Attachment</a><br>4. <a href="#AttachingPolicyUsingWSDL1.1">Attaching Policies Using WSDL 1.1</a><br> 4.1 <a href="#CaculatingEffectivyPolicywithWSDL1.1">Calculating Effective Policy in WSDL 1.1</a><br> 4.1.1 <a href="#ServicePolicySubject">Service Policy Subject</a><br> 4.1.2 <a href="#EndpointPolicySubject">Endpoint Policy Subject</a><br> 4.1.3 <a href="#OperationPolicySubject">Operation Policy Subject</a><br> 4.1.4 <a href="#MessagePolicySubject">Message Policy Subject</a><br> 4.1.5 <a href="#Example2">Example</a><br>5. <a href="#AttachingPoliciesUsingUDDI">Attaching Policies Using UDDI</a><br> 5.1 <a href="#CalculatingEffectivePolicyElementPolicyUDDI">Calculating Effective Policy and Element Policy in UDDI</a><br> 5.1.1 <a href="#ServiceProviderPolicySubjectUDDI">Service Provider Policy Subject</a><br> nbsp; 5.1.2 <a href="#ServicePolicySubjectUDDI">Service Policy Subject</a><br> 5.1.3 <a href="#EndpointPolicySubjectUDDI">Endpoint Policy Subject</a><br> 5.2 <a href="#ReferencingRemotePolicyExpressions">Referencing Remote Policy Expressions</a><br> 5.3 <a href="#RegisteringReusablePolicyExpressions">Registering Reusable Policy Expressions</a><br> 5.4 <a href="#RegisteringPoliciesUDDIVersion3">Registering Policies in UDDI Version 3</a><br>6. <a href="#SecurityConsiderations">Security Considerations</a><br>7. <a href="#Conformance">Conformance</a><br></p> -<h3><a name="appendix" id="appendix">Appendices</a></h3><p class="toc">A. <a href="#References">References</a><br> A.1 <a href="#Normative-References">Normative References</a><br> A.2 <a href="#Informative-References">Other References</a><br>B. <a href="#AppendixA">UDDI tModel Definitions</a><br> B.1 <a href="#RemotePolicyReferenceCategorySystem">Remote Policy Reference Category System</a><br> B.1.1 <a href="#DesigGoals1">Design Goals</a><br> B.1.2 <a href="#tModelDefinition1">tModel Definition</a><br> B.1.3 <a href="#ModelStructure1">tModel Structure</a><br> B.2 <a href="#WS-PolicyTypesCategorySystem">Web Services Policy Types Category System</a><br> B.2.1 <a href="#DesignGoals2">Design Goals</a><br> &bsp; B.2.2 <a href="#tModelDefinition2">tModel Definition</a><br> B.2.3 <a href="#ModelStructure2">tModel Structure</a><br> B.3 <a href="#LocalPolicyReferenceCategorySystem">Local Policy Reference Category System</a><br> B.3.1 <a href="#DesignGoals3">Design Goals</a><br> B.3.2 <a href="#tModelDefinition3">tModel Definition</a><br> B.3.3 <a href="#ModelStructure3">tModel Structure</a><br>C. <a href="#acknowledgments">Acknowledgements</a> (Non-Normative)<br>D. <a href="#change-description">Changes in this Version of the Document</a> (Non-Normative)<br>E. <a href="#change-log">Web Services Policy 1.5 - Attachment Change Log</a> (Non-Normative)<br></p></div><hr><div class="body"> +<h3><a id="appendix" name="appendix">Appendices</a></h3><p class="toc">A. <a href="#References">References</a><br> A.1 <a href="#Normative-References">Normative References</a><br> A.2 <a href="#Informative-References">Other References</a><br>B. <a href="#AppendixA">UDDI tModel Definitions</a><br> B.1 <a href="#RemotePolicyReferenceCategorySystem">Remote Policy Reference Category System</a><br> B.1.1 <a href="#DesigGoals1">Design Goals</a><br> B.1.2 <a href="#tModelDefinition1">tModel Definition</a><br> B.1.3 <a href="#ModelStructure1">tModel Structure</a><br> B.2 <a href="#WS-PolicyTypesCategorySystem">Web Services Policy Types Category System</a><br> B.2.1 <a href="#DesignGoals2">Design Goals</a><br> &bsp; B.2.2 <a href="#tModelDefinition2">tModel Definition</a><br> B.2.3 <a href="#ModelStructure2">tModel Structure</a><br> B.3 <a href="#LocalPolicyReferenceCategorySystem">Local Policy Reference Category System</a><br> B.3.1 <a href="#DesignGoals3">Design Goals</a><br> B.3.2 <a href="#tModelDefinition3">tModel Definition</a><br> B.3.3 <a href="#ModelStructure3">tModel Structure</a><br>C. <a href="#acknowledgments">Acknowledgements</a> (Non-Normative)<br>D. <a href="#change-description">Changes in this Version of the Document</a> (Non-Normative)<br>E. <a href="#change-log">Web Services Policy 1.5 - Attachment Change Log</a> (Non-Normative)<br></p></div><hr><div class="body"> <div class="div1"> <h2><a name="tocRange"></a>1. Introduction</h2> @@ -272,32 +272,32 @@ <p>We introduce the following terms that are used throughout this document:</p> <p>EdNote: script will insert termdefs here</p> -<p>[<a name="policy" title="policy">Definition</a>: A <b>policy</b> is a +<p>[<a title="policy" name="policy">Definition</a>: A <b>policy</b> is a collection of <a title="policy alternative" href="#policy_alternative">policy alternatives</a>. ]</p> -<p>[<a name="policy_alternative" title="policy alternative">Definition</a>: A +<p>[<a title="policy alternative" name="policy_alternative">Definition</a>: A <b>policy alternative</b> is a collection of <a title="policy assertion" href="#policy_assertion">policy assertions</a>.]</p> -<p>[<a name="policy_assertion" title="policy assertion">Definition</a>: A +<p>[<a title="policy assertion" name="policy_assertion">Definition</a>: A <b>policy assertion</b> represents an individual requirement, capability, or other property of a behavior.]</p> -<p>[<a name="policy_expression" title="policy expression">Definition</a>: A +<p>[<a title="policy expression" name="policy_expression">Definition</a>: A <b>policy expression</b> is an XML Infoset representation of a <a title="policy" href="#policy">policy</a>, either in a normal form or in an equivalent compact form. ]</p> -<p>[<a name="policy_subject" title="policy subject">Definition</a>: A <b>policy +<p>[<a title="policy subject" name="policy_subject">Definition</a>: A <b>policy subject</b> is an entity (e.g., an endpoint, message, resource, interaction) with which a <a title="policy" href="#policy">policy</a> can be associated. ]</p> -<p>[<a name="policy_scope" title="policy scope">Definition</a>: A <b>policy +<p>[<a title="policy scope" name="policy_scope">Definition</a>: A <b>policy scope</b> is a collection of <a title="policy subject" href="#policy_subject">policy subjects</a> to which a policy may apply.]</p> -<p>[<a name="policy_attachment" title="policy attachment">Definition</a>: A +<p>[<a title="policy attachment" name="policy_attachment">Definition</a>: A <b>policy attachment</b> is a mechanism for associating <a title="policy" href="#policy">policy</a> with one or more <a title="policy scope" href="#policy_scope">policy scopes</a>.]</p> </div> @@ -315,7 +315,7 @@ [<cite><a href="#WS-SecurityPolicy">WS-SecurityPolicy</a></cite>].</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><a name="Table2"></a><i><span>Example 2-1. </span>Example RM Policy Expression.</i></p> + <p class="exampleHead" style="text-align: left"><a name="Table2"></a><i><span>Example 2-1. </span>Example RM Policy Expression.</i></p> <div class="exampleInner"><pre>(01) <wsp:Policy xmlns:rmp="http://docs.oasis-open.org/ws-rx/wsrmp/200602" xmlns:wsp="http://www.w3.org/@@@@/@@/policy" @@ -330,7 +330,7 @@ (08) </wsp:Policy></pre></div> </div> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><a name="Table3"></a><i><span>Example 2-2. </span>Example X509 Security Policy Expression.</i></p> + <p class="exampleHead" style="text-align: left"><a name="Table3"></a><i><span>Example 2-2. </span>Example X509 Security Policy Expression.</i></p> <div class="exampleInner"><pre>(01) <wsp:Policy xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" xmlns:wsp="http://www.w3.org/@@@@/@@/policy" @@ -410,13 +410,13 @@ subject, and other attachments may be made by UDDI and other mechanisms.</p> - <p>When multiple attachments are made, [<a name="effective_policy" title="effective policy">Definition</a>: the + <p>When multiple attachments are made, [<a title="effective policy" name="effective_policy">Definition</a>: the <b>effective policy</b>, for a given <a title="policy subject" href="#policy_subject">policy subject</a>, is the combination of relevant policies. The relevant policies are those attached to <a title="policy scope" href="#policy_scope">policy scopes</a> that contain the <a title="policy subject" href="#policy_subject">policy subject</a>.] </p> - <p>This combination can be achieved by: [<a name="merge" title="merge">Definition</a>: a <b>merge</b> + <p>This combination can be achieved by: [<a title="merge" name="merge">Definition</a>: a <b>merge</b> consists of serializing each policy as a <a title="policy expression" href="#policy_expression">policy expression</a>, replacing their <code class="elt">wsp:Policy</code> element with a @@ -425,7 +425,7 @@ element.] The resulting policy expression is considered to represent the combined policy of all of the attachments to that subject.</p> - <p>Such calculated policy expressions have no meaningful URI of their own. </p> + <p>Such calculated policy expressions have no meaningful IRI of their own. </p> </div> <div class="div2"> @@ -465,14 +465,14 @@ <p>The namespace URI [<cite><a href="#XML-NS">XML Namespaces</a></cite>] for this attribute is <code>http://www.w3.org/@@@@/@@/policy</code>.</p> <p>The <code class="attr">wsp:PolicyURIs</code> attribute contains a white -space-separated list of one or more URIs [<cite><a href="#RFC3986">IETF RFC 3986</a></cite>]. When this attribute is used, +space-separated list of one or more IRIs [<cite><a href="#RFC3987">IETF RFC 3987</a></cite>]. When this attribute is used, each of the values identifies a <a title="policy expression" href="#policy_expression">policy expression</a> as defined by -[<cite><a href="#WS-Policy">Web Services Policy Framework</a></cite>]. If more than one URI is specified, the +[<cite><a href="#WS-Policy">Web Services Policy Framework</a></cite>]. If more than one IRI is specified, the individual referenced <a title="policy" href="#policy">policies</a> need to be <a title="merge" href="#merge">merged</a> together to form a single element <a title="policy expression" href="#policy_expression">policy expression</a>. The resultant <a title="policy" href="#policy">policy</a> is then associated with the element information item's <a title="element policy" href="#element_policy">element policy</a> -property. [<a name="element_policy" title="element policy">Definition</a>: The +property. [<a title="element policy" name="element_policy">Definition</a>: The <b>element policy</b> is the <a title="policy" href="#policy">policy</a> attached to the <a title="policy subject" href="#policy_subject">policy subjects</a> associated with the element information item that contains it.]</p> @@ -492,7 +492,7 @@ it would result in an <a title="element policy" href="#element_policy">element policy</a> whose XML 1.0 representation is listed in <a href="#Table4">Example 3-1</a>:</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><a name="Table4"></a><i><span>Example 3-1. </span>Example Merged Policy Expression.</i></p> + <p class="exampleHead" style="text-align: left"><a name="Table4"></a><i><span>Example 3-1. </span>Example Merged Policy Expression.</i></p> <div class="exampleInner"><pre>(01) <wsp:Policy xmlns:rmp="http://docs.oasis-open.org/ws-rx/wsrmp/200602" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" @@ -512,7 +512,7 @@ (14) </sp:AsymmetricBinding> (15) </wsp:Policy></pre></div> </div> -<p>Note that this <a title="element policy" href="#element_policy">element policy</a> has no meaningful URI.</p> +<p>Note that this <a title="element policy" href="#element_policy">element policy</a> has no meaningful IRI.</p> <p>The presence of the <code class="attr">wsp:PolicyURIs</code> attribute does not prohibit implementations from using additional mechanisms for associating <a title="policy expression" href="#policy_expression">policy expressions</a> with XML-based constructs.</p> @@ -540,7 +540,7 @@ attachment, the <a title="policy expression" href="#policy_expression">policy expressions</a> being bound, and optional security information. The <a title="policy scope" href="#policy_scope">policy scope</a> of the attachment is defined using one or more extensible domain expressions that identify <a title="policy subject" href="#policy_subject">policy subjects</a>, -typically using URIs.</p> +typically using IRIs.</p> <p>Domain expressions identify the domain of the association. That is, the set of <a title="policy subject" href="#policy_subject">policy subjects</a> that will be considered for inclusion in the scope using an extensible domain expression model. Domain @@ -718,11 +718,11 @@ or ports) are only considered in the <a title="effective policy" href="#effective_policy">effective policy</a> of that deployed resource itself.</p> -<div class="figure" style="text-align: center"><a name="Figure1"></a><br><img src="effective-policy-scope.png" alt="Effective Policy and Policy Scopes in WSDL"><p style="text-align:left"><i><span>Figure 4-1. </span>Effective Policy and Policy Scopes in WSDL</i></p><br></div> +<div style="text-align: center" class="figure"><a name="Figure1"></a><br><img src="effective-policy-scope.png" alt="Effective Policy and Policy Scopes in WSDL"><p style="text-align:left"><i><span>Figure 4-1. </span>Effective Policy and Policy Scopes in WSDL</i></p><br></div> <p>(This graphic is also available in SVG format <a href="effective-policy-scope.svg">here</a>.)</p> <p>When attaching policies at different levels of the WSDL hierarchy, care must be taken. -A message exchange with a deployed endpoint <span class="rfc2119">MAY</span> be described by the +A message exchange with an endpoint <span class="rfc2119">MAY</span> be described by the <a title="effective policy" href="#effective_policy">effective policies</a> in all four subject types simultaneously.</p> @@ -887,7 +887,7 @@ <a href="#Table5">Example 4-1</a> that references policies. </p> <div class="exampleOuter"> -<p style="text-align: left" class="exampleHead"><a name="Table5"></a><i><span>Example 4-1. </span>Example Policy Attached to WSDL.</i></p> +<p class="exampleHead" style="text-align: left"><a name="Table5"></a><i><span>Example 4-1. </span>Example Policy Attached to WSDL.</i></p> <div class="exampleInner"><pre>(01) <wsdl11:definitions name="StockQuote" targetNamespace="http://www.example.com/stock/binding" xmlns:tns="http://www.example.com/stock/binding" @@ -954,7 +954,7 @@ whose XML 1.0 representation is listed in <a href="#Table6">Example 4-2</a>.</p> <div class="exampleOuter"> -<p style="text-align: left" class="exampleHead"><a name="Table6"></a><i><span>Example 4-2. </span>Example Message Security Policy Expression.</i></p> +<p class="exampleHead" style="text-align: left"><a name="Table6"></a><i><span>Example 4-2. </span>Example Message Security Policy Expression.</i></p> <div class="exampleInner"><pre>(01) <wsp:Policy xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" xmlns:wsp="http://www.w3.org/@@@@/@@/policy" @@ -1106,16 +1106,16 @@ tModel so that UDDI registry users can expect the same behavior across different UDDI registries.</p> -<p>The tModel's valid values are those URIs that identify external +<p>The tModel's valid values are those IRIs that identify external <a title="policy expression" href="#policy_expression">policy expressions</a>; that is, when referencing this category system in a <code class="elt">categoryBag</code> , the corresponding <code class="attr">keyValue</code> of the <code class="elt">keyedReference</code> is the -URI of the <a title="policy expression" href="#policy_expression">policy expression</a>.</p> +IRI of the <a title="policy expression" href="#policy_expression">policy expression</a>.</p> <p>Using the remote policy reference category system, one can then associate a <a title="policy expression" href="#policy_expression">policy expression</a> with a <code class="elt">businessEntity</code> , a <code class="elt">businessService</code> , and a tModel using the entity's <code class="elt">categoryBag</code> . For example, associating the <a title="policy expression" href="#policy_expression">policy expression</a> that is identified by the -URI <code>http://www.example.com/myservice/policy</code> with a <code class="elt">businessService</code> is +IRI <code>http://www.example.com/myservice/policy</code> with a <code class="elt">businessService</code> is done as follows: </p> <div class="exampleInner"><pre><businessService serviceKey="…" > @@ -1132,7 +1132,7 @@ <p>The <code class="attr">tModelKey</code> of the <code class="elt">keyedReference</code> <span class="rfc2119">MUST</span> match the fixed <code class="attr">tModelKey</code> from the remote policy reference category -system. The <code class="attr">keyValue</code> <span class="rfc2119">MUST</span> be the URI that +system. The <code class="attr">keyValue</code> <span class="rfc2119">MUST</span> be the IRI that identifies the <a title="policy expression" href="#policy_expression">policy expression</a>.</p> <p>A different approach has to be taken to associate a <a title="policy expression" href="#policy_expression">policy @@ -1158,7 +1158,7 @@ <p>The <code class="attr">tModelKey</code> of the <code class="elt">tModelInstanceInfo</code> <span class="rfc2119">MUST</span> match the fixed <code class="attr">tModelKey</code> from the remote policy reference category system as defined above. The <code class="elt">instanceParms</code> <span class="rfc2119">MUST</span> be -the URI that identifies the <a title="policy expression" href="#policy_expression">policy expression</a>.</p> +the IRI that identifies the <a title="policy expression" href="#policy_expression">policy expression</a>.</p> </div> <div class="div2"> @@ -1172,7 +1172,7 @@ <a href="#WS-PolicyTypesCategorySystem"><b>B.2 Web Services Policy Types Category System</b></a>.</p> <p>The following illustrates a tModel for the <a title="policy expression" href="#policy_expression">policy expression</a> -identified by the URI +identified by the IRI <code>http://www.example.com/myservice/policy</code>.</p> <div class="exampleInner"><pre><tModel tModelKey="uuid:04cfa…"> @@ -1204,9 +1204,9 @@ general. The second <code class="elt">keyedReference</code> designates the <a title="policy expression" href="#policy_expression">policy expression</a> the tModel represents by using the approach from the section above. This is necessary in order to enable UDDI inquiries for -particular <a title="policy expression" href="#policy_expression">policy expressions</a> based on their URI.</p> +particular <a title="policy expression" href="#policy_expression">policy expressions</a> based on their IRI.</p> -<p>Note that the <a title="policy expression" href="#policy_expression">policy expression</a> URI is also specified in the +<p>Note that the <a title="policy expression" href="#policy_expression">policy expression</a> IRI is also specified in the tModel's overview URL to indicate that it is a resolvable URL to actually retrieve the <a title="policy expression" href="#policy_expression">policy expression</a>.</p> @@ -1329,7 +1329,7 @@ <p>Third, inquiries for reusable <a title="policy expression" href="#policy_expression">policy expression</a> tModels and UDDI entities that are associated with remote <a title="policy expression" href="#policy_expression">policy expression</a> is enhanced by the wildcard mechanism for keyValues in keyedReferences. For -example, searching for all <a title="policy expression" href="#policy_expression">policy expression</a> tModels whose URI starts +example, searching for all <a title="policy expression" href="#policy_expression">policy expression</a> tModels whose IRI starts with <code>http://www.example.com/</code>, the following <code>find_tModel</code> API call can be used: </p> @@ -1397,11 +1397,12 @@ Task Force, June 1999. Available at http://www.ietf.org/rfc/rfc2119.txt. </dd> - <dt class="label"><a name="RFC3986"></a>[IETF RFC 3986] </dt><dd> - <cite><a href="http://www.ietf.org/rfc/rfc3986.txt">Uniform Resource Identifier (URI): Generic - Syntax</a></cite>, T. Berners-Lee, R. Fielding, and - L. Masinter, Authors. Internet Engineering Task Force, January - 2005. Available at http://www.ietf.org/rfc/rfc3986.txt. + <dt class="label"><a name="RFC3987"></a>[IETF RFC 3987] </dt><dd> + <cite><a href="http://www.ietf.org/rfc/rfc3987.txt">Internationalized Resource Identifiers (IRIs) + </a></cite>, M. Duerst and M. Suignard, + Authors. Internet Engineering Task Force, + January 2005. Available at + http://www.ietf.org/rfc/rfc3987.txt. </dd> <dt class="label"><a name="UDDIAPI20"></a>[UDDI API 2.0] </dt><dd> @@ -1581,7 +1582,7 @@ <div class="div3"> <h4><a name="DesigGoals1"></a>B.1.1 Design Goals</h4> -<p>This tModel is used to attach a <a title="policy" href="#policy">policy</a> to a UDDI entity by referencing the policy's URI.</p> +<p>This tModel is used to attach a <a title="policy" href="#policy">policy</a> to a UDDI entity by referencing the policy's IRI.</p> </div> <div class="div3"> @@ -1769,7 +1770,8 @@ <p>A list of substantive changes since the Working Draft dated 31 July 2006 is below:</p> <ul> - <li><p>TBD</p></li> + <li><p>Added an empty conformance section.</p></li> + <li><p>Replaced URI with IRI.</p></li> </ul> </div> <div class="div1"> @@ -1913,6 +1915,15 @@ <a href="http://www.w3.org/Bugs/Public/show_bug.cgi?id=3605">3605</a>: typo in example. </td> </tr> + <tr> + <td rowspan="1" colspan="1">20060829</td> + <td rowspan="1" colspan="1">ASV</td> + <td rowspan="1" colspan="1">Implemented the + <a href="http://www.w3.org/2006/08/23-ws-policy-minutes.html#action06">resolution</a> + for issue + <a href="http://www.w3.org/Bugs/Public/show_bug.cgi?id=3561">3561</a>: replaced URI with IRI. + </td> + </tr> </tbody> </table><br> </div> Index: ws-policy-framework.html =================================================================== RCS file: /sources/public/2006/ws/policy/ws-policy-framework.html,v retrieving revision 1.24 retrieving revision 1.25 diff -u -d -r1.24 -r1.25 --- ws-policy-framework.html 28 Aug 2006 20:12:23 -0000 1.24 +++ ws-policy-framework.html 30 Aug 2006 00:38:11 -0000 1.25 @@ -1,4 +1,4 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd"> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html lang="en-US"><head><META http-equiv="Content-Type" content="text/html; charset=utf-8"><title>Web Services Policy 1.5 - Framework</title><style type="text/css"> code { font-family: monospace; } @@ -47,7 +47,7 @@ div.exampleWrapper { margin: 4px } div.exampleHeader { font-weight: bold; margin: 4px} -</style><link rel="stylesheet" type="text/css" href="http://www.w3.org/StyleSheets/TR/base.css"><link rel="contents" href="#contents"></head><body> +</style><link type="text/css" rel="stylesheet" href="http://www.w3.org/StyleSheets/TR/base.css"><link href="#contents" rel="contents"></head><body> <div class="head"> <h1>Web Services Policy 1.5 - Framework</h1> <h2>Editors' copy $Date$ @@ @@@@ @@@@</h2><dl><dt>This version:</dt><dd> @@ -73,7 +73,7 @@ no official standing.</strong></p><p></p></div> <hr><div class="toc"> <h2><a name="contents">Table of Contents</a></h2><p class="toc">1. <a href="#tocRange">Introduction</a><br> 1.1 <a href="#Goals">Goals</a><br> 1.2 <a href="#Example">Example</a><br>2. <a href="#Notation_Terminilogy">Notations and Terminology</a><br> 2.1 <a href="#Notational_Conventions">Notational Conventions</a><br> 2.2 <a href="#Extensibility">Extensibility</a><br> 2.3 <a href="#XML_Namespaces">XML Namespaces</a><br> 2.4 <a href="#Terminology">Terminology</a><br>3. <a href="#Policy_Model">Policy Model</a><br> 3.1 <a href="#rPolicy_Assertion">Policy Assertion</a><br> 3.2 <a href="#rPolicy_Alternative">Policy Alternative</a><br> 3.3 <a href="#rPolicy">Policy</a><br> 3.4 <a href="#Web_services">Web services</a><br>4. <a href="#rPolicy_Expression">Policy Expression</a><br> &nbs; 4.1 <a href="#Normal_Form_Policy_Expression">Normal Form Policy Expression</a><br> 4.2 <a href="#Policy_Identification">Policy Identification</a><br> 4.3 <a href="#Compact_Policy_Expression">Compact Policy Expression</a><br> 4.3.1 <a href="#Optional_Policy_Assertions">Optional Policy Assertions</a><br> 4.3.2 <a href="#Policy_Assertion_Nesting">Policy Assertion Nesting</a><br> 4.3.3 <a href="#Policy_Operators">Policy Operators</a><br> 4.3.4 <a href="#Policy_Inclusion">Policy Inclusion</a><br> 4.4 <a href="#Policy_Intersection">Policy Intersection</a><br>5. <a href="#Security_Considerations">Security Considerations</a><br>6. <a href="#Conformance">Conformance</a><br></p> -<h3><a name="appendix" id="appendix">Appendices</a></h3><p class="toc">A. <a href="#References">References</a><br> A.1 <a href="#Normative-References">Normative References</a><br> A.2 <a href="#Informative-References">Other References</a><br>B. <a href="#acknowledgments">Acknowledgements</a> (Non-Normative)<br>C. <a href="#change-description">Changes in this Version of the Document</a> (Non-Normative)<br>D. <a href="#change-log">Web Services Policy 1.5 - Framework Change Log</a> (Non-Normative)<br></p></div><hr><div class="body"> +<h3><a id="appendix" name="appendix">Appendices</a></h3><p class="toc">A. <a href="#References">References</a><br> A.1 <a href="#Normative-References">Normative References</a><br> A.2 <a href="#Informative-References">Other References</a><br>B. <a href="#acknowledgments">Acknowledgements</a> (Non-Normative)<br>C. <a href="#change-description">Changes in this Version of the Document</a> (Non-Normative)<br>D. <a href="#change-log">Web Services Policy 1.5 - Framework Change Log</a> (Non-Normative)<br></p></div><hr><div class="body"> <div class="div1"> <h2><a name="tocRange"></a>1. Introduction</h2> @@ -83,11 +83,11 @@ entities in a Web services-based system. </p> - <p>[<a name="policy" title="policy">Definition</a>: A <b>policy</b> is a collection of + <p>[<a title="policy" name="policy">Definition</a>: A <b>policy</b> is a collection of <a title="policy alternative" href="#policy_alternative">policy alternatives</a>, ] - where [<a name="policy_alternative" title="policy alternative">Definition</a>: a <b>policy alternative</b> + where [<a title="policy alternative" name="policy_alternative">Definition</a>: a <b>policy alternative</b> is a collection of <a title="policy assertion" href="#policy_assertion">policy assertions</a>.] - [<a name="policy_assertion" title="policy assertion">Definition</a>: A <b>policy assertion</b> + [<a title="policy assertion" name="policy_assertion">Definition</a>: A <b>policy assertion</b> represents an individual requirement, capability, or other property of a behavior.] Some policy assertions specify traditional requirements and capabilities that @@ -101,12 +101,12 @@ <p>Web Services Policy 1.5 - Framework does not specify policy discovery or <a title="policy attachment" href="#policy_attachment">policy attachment</a>. - [<a name="policy_attachment" title="policy attachment">Definition</a>: A + [<a title="policy attachment" name="policy_attachment">Definition</a>: A <b>policy attachment</b> is a mechanism for associating <a title="policy" href="#policy">policy</a> with one or more <a title="policy scope" href="#policy_scope">policy scopes</a>.] - [<a name="policy_scope" title="policy scope">Definition</a>: A <b>policy scope</b> is a collection of + [<a title="policy scope" name="policy_scope">Definition</a>: A <b>policy scope</b> is a collection of <a title="policy subject" href="#policy_subject">policy subjects</a> to which a policy may apply.] - [<a name="policy_subject" title="policy subject">Definition</a>: A <b>policy subject</b> is an entity + [<a title="policy subject" name="policy_subject">Definition</a>: A <b>policy subject</b> is an entity (e.g., an endpoint, message, resource, interaction) with which a <a title="policy" href="#policy">policy</a> can be associated. ] @@ -132,7 +132,7 @@ <p> An XML Infoset called a <a title="policy expression" href="#policy_expression">policy expression</a> that contains domain-specific, Web - Service policy information. [<a name="policy_expression" title="policy expression">Definition</a>: A <b>policy expression</b> + Service policy information. [<a title="policy expression" name="policy_expression">Definition</a>: A <b>policy expression</b> is an XML Infoset representation of a <a title="policy" href="#policy">policy</a>, either in a normal form or in an equivalent compact form. ]</p></li> @@ -153,7 +153,7 @@ assertions defined in WS-SecurityPolicy [<cite><a href="#WS-SecurityPolicy">WS-SecurityPolicy</a></cite>]:</p> <div class="exampleOuter"> - <p style="text-align: left" class="exampleHead"><i><span>Example 1-1. </span>Use of Web Services Policy with security policy assertions.</i></p> + <p class="exampleHead" style="text-align: left"><i><span>Example 1-1. </span>Use of Web Services Policy with security policy assertions.</i></p> <div class="exampleInner"><pre> (01) <wsp:Policy xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" @@ -378,7 +378,7 @@ type</a> is identified only by the XML Infoset <strong>[namespace name]</strong> and <strong>[local name]</strong> properties (that is, the qualified name or QName) of the root Element Information Item representing the assertion. - [<a name="policy_assertion_type" title="policy assertion type">Definition</a>: A <b>policy assertion type</b> + [<a title="policy assertion type" name="policy_assertion_type">Definition</a>: A <b>policy assertion type</b> represents a class of <a title="policy assertion" href="#policy_assertion">policy assertions</a> and implies a schema for the assertion and assertion-specific semantics.] Assertions of @@ -398,7 +398,7 @@ <p>The XML Infoset of a <a title="policy assertion" href="#policy_assertion">policy assertion</a> <span class="rfc2119">MAY</span> contain a non-empty <strong>[attributes]</strong> property and/or a non-empty <strong>[children]</strong> property. Such content <span class="rfc2119">MAY</span> be used to parameterize the behavior indicated by the assertion. - [<a name="policy_assertion_parameter" title="policy assertion parameter">Definition</a>: A <b>policy assertion parameter</b> + [<a title="policy assertion parameter" name="policy_assertion_parameter">Definition</a>: A <b>policy assertion parameter</b> qualifies the behavior indicated by a <a title="policy assertion" href="#policy_assertion">policy assertion</a>.] For example, an assertion identifying support for a specific reliable @@ -430,7 +430,7 @@ <p>The vocabulary of a policy alternative is the set of all <a title="policy assertion type" href="#policy_assertion_type">policy assertion types</a> within the alternative. - [<a name="policy_vocabulary" title="policy vocabulary">Definition</a>: A <b>policy vocabulary</b> is the set of all + [<a title="policy vocabulary" name="policy_vocabulary">Definition</a>: A <b>policy vocabulary</b> is the set of all <a title="policy assertion type" href="#policy_assertion_type">policy assertion types</a> used in a policy.] An assertion whose type is part of the policy's vocabulary but is not included in @@ -614,8 +614,8 @@ <h3><a name="Policy_Identification"></a>4.2 Policy Identification</h3> <p>A <a title="policy expression" href="#policy_expression">policy expression</a> -<span class="rfc2119">MAY</span> be associated with a URI [<cite><a href="#RFC3986">IETF RFC 3986</a></cite>]. The schema outline -for attributes to associate a URI is as follows:</p> +<span class="rfc2119">MAY</span> be associated with an IRI [<cite><a href="#RFC3987">IETF RFC 3987</a></cite>]. The schema outline +for attributes to associate an IRI is as follows:</p> <div class="exampleInner"><pre><wsp:Policy ( Name="<em>xs:anyURI</em>" )? ( wsu:Id="<em>xs:ID</em>" | xml:id="<em>xs:ID</em>" )? @@ -625,16 +625,16 @@ <p>The following describes the Attribute Information Items listed and defined in the schema outline above:</p> <dl> <dt class="label"><code class="attr">/wsp:Policy/@Name</code> </dt> -<dd><p>The identity of the policy expression as an absolute URI [<cite><a href="#RFC3986">IETF RFC 3986</a></cite>]. If -omitted, there is no implied value. This URI <span class="rfc2119">MAY</span> be +<dd><p>The identity of the policy expression as an absolute IRI [<cite><a href="#RFC3987">IETF RFC 3987</a></cite>]. If +omitted, there is no implied value. This IRI <span class="rfc2119">MAY</span> be used to refer to a policy from other XML documents using a <a title="policy attachment" href="#policy_attachment">policy attachment</a> mechanism such as those defined in WS-PolicyAttachment [<cite><a href="#WS-PolicyAttachment">Web Services Policy Attachment</a></cite>]. </p></dd> -<dt class="label"><code class="attr">/wsp:Policy/{@wsu:Id | @xml:id}</code> </dt> +<dt class="label"><code class="attr">/wsp:Policy/(@wsu:Id | @xml:id)</code> </dt> <dd><p>The identity of the policy expression as an <code>ID</code> within the enclosing XML document. If omitted, there is no implied value. To -refer to this policy expression, a URI-reference +refer to this policy expression, an IRI-reference <span class="rfc2119">MAY</span> be formed using this value per Section 4.2 of WS-Security [<cite><a href="#WS-Security">WS-Security 2004</a></cite>] when @wsu:Id is used.</p> <p>The use of <code>xml:id</code> attribute in conjunction with Canonical XML 1.0 is @@ -647,7 +647,7 @@ </dl> <p>The following example illustrates how to associate a policy -expression with the absolute URI +expression with the absolute IRI <code>"http://www.example.com/policies/P1"</code>:</p> <div class="exampleInner"><pre>(01) <wsp:Policy @@ -655,7 +655,7 @@ xmlns:wsp="http://www.w3.org/@@@@/@@/policy" > (02) <!-- Details omitted for readability --> (03) </wsp:Policy></pre></div> -<p>The following example illustrates how to associate a policy expression with the URI-reference <code>"#P1"</code>:</p> +<p>The following example illustrates how to associate a policy expression with the IRI-reference <code>"#P1"</code>:</p> <div class="exampleInner"><pre>(01) <wsp:Policy wsu:Id="P1" xmlns:wsp="http://www.w3.org/@@@@/@@/policy" @@ -1111,7 +1111,15 @@ <dt class="label"><code class="attr">/wsp:Policy/…/wsp:PolicyReference/@URI</code> </dt> -<dd><p>This attribute references a policy expression by URI. For a policy expression within the same XML Document, the reference <span class="rfc2119">SHOULD</span> be a URI-reference to a policy expression identified by an <code>ID</code>. For an external policy expression, there is no requirement that the URI be resolvable; retrieval mechanisms are beyond the scope of this specification. After retrieval, there is no requirement to check that the retrieved policy expression is associated (Section <a href="#Policy_Identification"><b>4.2 Policy Identification</b></a>) with this URI. The URI included in the retrieved policy expression, if any, <span class="rfc2119">MAY</span> be different than the URI used to retrieve the policy expression. </p></dd> +<dd><p>This attribute references a policy expression by an IRI. For a policy +expression within the same XML Document, the reference <span class="rfc2119">SHOULD</span> be an +IRI-reference to a policy expression identified by an <code>ID</code>. +For an external policy expression, there is no requirement that the IRI +be resolvable; retrieval mechanisms are beyond the scope of this specification. +After retrieval, there is no requirement to check that the retrieved policy +expression is associated (Section <a href="#Policy_Identification"><b>4.2 Policy Identification</b></a>) with this IRI. +The IRI included in the retrieved policy expression, if any, <span class="rfc2119">MAY</span> be +different than the IRI used to retrieve the policy expression. </p></dd> <dt class="label"><code class="attr">/wsp:Policy/…/wsp:PolicyReference/@Digest</code> </dt> @@ -1284,6 +1292,7 @@ with sufficient credentials to pass the relying parties' acceptance criteria.</p> + <p>It should be noted that the mechanisms described in this document could be secured as part of a SOAP message [<cite><a href="#SOAP11">SOAP 1.1</a></cite>, <cite><a href="#SOAP12">SOAP 1.2 Messaging Framework</a></cite>] using WS-Security [<cite><a href="#WS-Security">WS-Security 2004</a></cite>] or embedded within other objects using object-specific security mechanisms.</p> @@ -1309,12 +1318,12 @@ Engineering Task Force, June 1999. Available at http://www.ietf.org/rfc/rfc2119.txt. </dd> - <dt class="label"><a name="RFC3986"></a>[IETF RFC 3986] </dt><dd> - <cite><a href="http://www.ietf.org/rfc/rfc3986.txt">Uniform Resource Identifier (URI): Generic - Syntax</a></cite>, T. Berners-Lee, R. Fielding, and - L. Masinter, Authors. Internet Engineering Task Force, + <dt class="label"><a name="RFC3987"></a>[IETF RFC 3987] </dt><dd> + <cite><a href="http://www.ietf.org/rfc/rfc3987.txt">Internationalized Resource Identifiers (IRIs) + </a></cite>, M. Duerst and M. Suignard, + Authors. Internet Engineering Task Force, January 2005. Available at - http://www.ietf.org/rfc/rfc3986.txt. + http://www.ietf.org/rfc/rfc3987.txt. </dd> <dt class="label"><a name="WS-Security"></a>[WS-Security 2004] </dt><dd> <cite><a href="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf">Web Services Security: SOAP Message Security 1.0 @@ -1513,7 +1522,9 @@ <p>A list of substantive changes since the Working Draft dated 31 July 2006 is below:</p> <ul> - <li><p>TBD</p></li> + <li><p>Added support for the <code>xml:id</code> attribute.</p></li> + <li><p>Added an empty conformance section.</p></li> + <li><p>Replaced URI with IRI.</p></li> </ul> </div> <div class="div1"> @@ -1655,6 +1666,15 @@ <a href="http://www.w3.org/Bugs/Public/show_bug.cgi?id=3590">3590</a>. for adding document attribute extensbility of wsp:Policy/@{any} and wsp:Policy/.../wsp:PolicyReference/@{any} </td> + </tr> + <tr> + <td rowspan="1" colspan="1">20060829</td> + <td rowspan="1" colspan="1">ASV</td> + <td rowspan="1" colspan="1">Implemented the + <a href="http://www.w3.org/2006/08/23-ws-policy-minutes.html#action06">resolution</a> + for issue + <a href="http://www.w3.org/Bugs/Public/show_bug.cgi?id=3561">3561</a>: replaced URI with IRI. + </td> </tr> </tbody> </table><br> Index: ws-policy-attachment.xml =================================================================== RCS file: /sources/public/2006/ws/policy/ws-policy-attachment.xml,v retrieving revision 1.28 retrieving revision 1.29 diff -u -d -r1.28 -r1.29 --- ws-policy-attachment.xml 28 Aug 2006 05:00:10 -0000 1.28 +++ ws-policy-attachment.xml 30 Aug 2006 00:38:11 -0000 1.29 @@ -437,7 +437,7 @@ element.</termdef> The resulting policy expression is considered to represent the combined policy of all of the attachments to that subject.</p> - <p>Such calculated policy expressions have no meaningful URI of their own. </p> + <p>Such calculated policy expressions have no meaningful IRI of their own. </p> </div2> <div2 id='PolicyAttachmentMechanisms'> <head>Policy Attachment Mechanisms</head> @@ -476,9 +476,9 @@ <p>The namespace URI [<bibref ref='XML-NS'/>] for this attribute is <code>&nsuri;</code>.</p> <p>The <att>wsp:PolicyURIs</att> attribute contains a white -space-separated list of one or more URIs [<bibref ref='RFC3986'/>]. When this attribute is used, +space-separated list of one or more IRIs [<bibref ref='RFC3987'/>]. When this attribute is used, each of the values identifies a <termref def='policy_expression'>policy expression</termref> as defined by -[<bibref ref='WS-Policy'/>]. If more than one URI is specified, the +[<bibref ref='WS-Policy'/>]. If more than one IRI is specified, the individual referenced <termref def='policy'>policies</termref> need to be <termref def='merge'>merged</termref> together to form a single element <termref def='policy_expression'>policy expression</termref>. The resultant <termref def='policy'>policy</termref> is @@ -525,7 +525,7 @@ (14) </sp:AsymmetricBinding> (15) </wsp:Policy></eg> </example> -<p>Note that this <termref def='element_policy'>element policy</termref> has no meaningful URI.</p> +<p>Note that this <termref def='element_policy'>element policy</termref> has no meaningful IRI.</p> <p>The presence of the <att>wsp:PolicyURIs</att> attribute does not prohibit implementations from using additional mechanisms for associating <termref def='policy_expression'>policy expressions</termref> with XML-based constructs.</p> @@ -552,7 +552,7 @@ attachment, the <termref def='policy_expression'>policy expressions</termref> being bound, and optional security information. The <termref def='policy_scope'>policy scope</termref> of the attachment is defined using one or more extensible domain expressions that identify <termref def='policy_subject'>policy subjects</termref>, -typically using URIs.</p> +typically using IRIs.</p> <p>Domain expressions identify the domain of the association. That is, the set of <termref def='policy_subject'>policy subjects</termref> that will be considered for inclusion in the scope using an extensible domain expression model. Domain @@ -732,7 +732,7 @@ <p>(This graphic is also available in SVG format <loc href="effective-policy-scope.svg">here</loc>.)</p> <p>When attaching policies at different levels of the WSDL hierarchy, care must be taken. -A message exchange with a deployed endpoint <rfc2119>MAY</rfc2119> be described by the +A message exchange with an endpoint <rfc2119>MAY</rfc2119> be described by the <termref def='effective_policy'>effective policies</termref> in all four subject types simultaneously.</p> @@ -1115,16 +1115,16 @@ tModel so that UDDI registry users can expect the same behavior across different UDDI registries.</p> -<p>The tModel's valid values are those URIs that identify external +<p>The tModel's valid values are those IRIs that identify external <termref def='policy_expression'>policy expressions</termref>; that is, when referencing this category system in a <el>categoryBag</el>, the corresponding <att>keyValue</att> of the <el>keyedReference</el> is the -URI of the <termref def='policy_expression'>policy expression</termref>.</p> +IRI of the <termref def='policy_expression'>policy expression</termref>.</p> <p>Using the remote policy reference category system, one can then associate a <termref def='policy_expression'>policy expression</termref> with a <el>businessEntity</el>, a <el>businessService</el>, and a tModel using the entity's <el>categoryBag</el>. For example, associating the <termref def='policy_expression'>policy expression</termref> that is identified by the -URI <code>http://www.example.com/myservice/policy</code> with a <el>businessService</el> is +IRI <code>http://www.example.com/myservice/policy</code> with a <el>businessService</el> is done as follows: </p> <eg xml:space="preserve"><businessService serviceKey="…" > @@ -1141,7 +1141,7 @@ <p>The <att>tModelKey</att> of the <el>keyedReference</el> <rfc2119>MUST</rfc2119> match the fixed <att>tModelKey</att> from the remote policy reference category -system. The <att>keyValue</att> <rfc2119>MUST</rfc2119> be the URI that +system. The <att>keyValue</att> <rfc2119>MUST</rfc2119> be the IRI that identifies the <termref def='policy_expression'>policy expression</termref>.</p> <p>A different approach has to be taken to associate a <termref def='policy_expression'>policy @@ -1167,7 +1167,7 @@ <p>The <att>tModelKey</att> of the <el>tModelInstanceInfo</el> <rfc2119>MUST</rfc2119> match the fixed <att>tModelKey</att> from the remote policy reference category system as defined above. The <el>instanceParms</el> <rfc2119>MUST</rfc2119> be -the URI that identifies the <termref def='policy_expression'>policy expression</termref>.</p> +the IRI that identifies the <termref def='policy_expression'>policy expression</termref>.</p> </div2> <div2 id='RegisteringReusablePolicyExpressions'> @@ -1180,7 +1180,7 @@ <specref ref='WS-PolicyTypesCategorySystem'/>.</p> <p>The following illustrates a tModel for the <termref def='policy_expression'>policy expression</termref> -identified by the URI +identified by the IRI <code>http://www.example.com/myservice/policy</code>.</p> <eg xml:space="preserve"><tModel tModelKey="uuid:04cfa…"> @@ -1212,9 +1212,9 @@ general. The second <el>keyedReference</el> designates the <termref def='policy_expression'>policy expression</termref> the tModel represents by using the approach from the section above. This is necessary in order to enable UDDI inquiries for -particular <termref def='policy_expression'>policy expressions</termref> based on their URI.</p> +particular <termref def='policy_expression'>policy expressions</termref> based on their IRI.</p> -<p>Note that the <termref def='policy_expression'>policy expression</termref> URI is also specified in the +<p>Note that the <termref def='policy_expression'>policy expression</termref> IRI is also specified in the tModel's overview URL to indicate that it is a resolvable URL to actually retrieve the <termref def='policy_expression'>policy expression</termref>.</p> @@ -1337,7 +1337,7 @@ <p>Third, inquiries for reusable <termref def='policy_expression'>policy expression</termref> tModels and UDDI entities that are associated with remote <termref def='policy_expression'>policy expression</termref> is enhanced by the wildcard mechanism for keyValues in keyedReferences. For -example, searching for all <termref def='policy_expression'>policy expression</termref> tModels whose URI starts +example, searching for all <termref def='policy_expression'>policy expression</termref> tModels whose IRI starts with <code>http://www.example.com/</code>, the following <code>find_tModel</code> API call can be used: </p> @@ -1402,11 +1402,12 @@ Task Force, June 1999. Available at http://www.ietf.org/rfc/rfc2119.txt. </bibl> - <bibl key="IETF RFC 3986" href="http://www.ietf.org/rfc/rfc3986.txt" id="RFC3986"> - <titleref>Uniform Resource Identifier (URI): Generic - Syntax</titleref>, T. Berners-Lee, R. Fielding, and - L. Masinter, Authors. Internet Engineering Task Force, January - 2005. Available at http://www.ietf.org/rfc/rfc3986.txt. + <bibl key="IETF RFC 3987" href="http://www.ietf.org/rfc/rfc3987.txt" id="RFC3987"> + <titleref>Internationalized Resource Identifiers (IRIs) + </titleref>, M. Duerst and M. Suignard, + Authors. Internet Engineering Task Force, + January 2005. Available at + http://www.ietf.org/rfc/rfc3987.txt. </bibl> <!-- <bibl id="SOAP11" key="SOAP 1.1" @@ -1618,7 +1619,7 @@ <div3 id='DesigGoals1'> <head>Design Goals</head> -<p>This tModel is used to attach a <termref def='policy'>policy</termref> to a UDDI entity by referencing the policy's URI.</p> +<p>This tModel is used to attach a <termref def='policy'>policy</termref> to a UDDI entity by referencing the policy's IRI.</p> </div3> <div3 id='tModelDefinition1'> <head>tModel Definition</head> @@ -1778,7 +1779,8 @@ <p>A list of substantive changes since the Working Draft dated 31 July 2006 is below:</p> <ulist> - <item><p>TBD</p></item> + <item><p>Added an empty conformance section.</p></item> + <item><p>Replaced URI with IRI.</p></item> </ulist> </inform-div1> <inform-div1 id="change-log"> @@ -1927,6 +1929,15 @@ <loc href="http://www.w3.org/Bugs/Public/show_bug.cgi?id=3605">3605</loc>: typo in example. </td> </tr> + <tr> + <td>20060829</td> + <td>ASV</td> + <td>Implemented the + <loc href="http://www.w3.org/2006/08/23-ws-policy-minutes.html#action06">resolution</loc> + for issue + <loc href="http://www.w3.org/Bugs/Public/show_bug.cgi?id=3561">3561</loc>: replaced URI with IRI. + </td> + </tr> </tbody> </table> </inform-div1>
Received on Wednesday, 30 August 2006 00:38:34 UTC