- From: Toufic Boubez via cvs-syncmail <cvsmail@w3.org>
- Date: Mon, 25 Sep 2006 04:14:05 +0000
- To: public-ws-policy-eds@w3.org
Update of /sources/public/2006/ws/policy
In directory hutz:/tmp/cvs-serv5195
Modified Files:
ws-policy-primer.html ws-policy-primer.xml
Log Message:
Correcting syntax error - TIB
Index: ws-policy-primer.html
===================================================================
RCS file: /sources/public/2006/ws/policy/ws-policy-primer.html,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- ws-policy-primer.html 19 Sep 2006 21:55:47 -0000 1.10
+++ ws-policy-primer.html 25 Sep 2006 04:14:03 -0000 1.11
@@ -72,7 +72,7 @@
no official standing.</strong></p><p></p></div>
<hr><div class="toc">
<h2><a name="contents">Table of Contents</a></h2><p class="toc">1. <a href="#introduction">Introduction</a><br>2. <a href="#basic-concepts-policy-expression">Basic Concepts: Policy Expression</a><br> 2.1 <a href="#web-services-policy">Web Services Policy</a><br> 2.2 <a href="#simple-message">Simple Message</a><br> 2.3 <a href="#secure-message">Secure Message</a><br> 2.4 <a href="#other-assertions">Other Assertions</a><br> 2.5 <a href="#combining-policy-assertions">Combining Policy Assertions</a><br> 2.6 <a href="#optional-policy-assertion">Optional Policy Assertion</a><br> 2.7 <a href="#nested-policy-expressions">Nested Policy Expressions</a><br> 2.8 <a href="#Referencing_Policy_Expressions">Referencing Policy Expressions</a><br> 2.9 <a href="#attaching-policy-expressions-to-wsdl">Attaching Policy Expresions to WSDL</a><br> 2.10 <a href="#policy-automates-web-services-interaction">Policy Automates Web Services Interaction</a><br>3. <a href="#advanced-concepts-1-policy-expression">Advanced Concepts I: Policy Expression</a><br> 3.1 <a href="#policy-expression">Policy Expression</a><br> 3.2 <a href="#normal-form-for-policy-expressions">Normal Form for Policy Expressions</a><br> 3.3 <a href="#policy-data-model">Policy Data Model</a><br> 3.4 <a href="#compatible-policies">Compatible Policies</a><br> 3.5 <a href="#attaching-policy-expressions-to-wsdl2">Attaching Policy Expressions to WSDL</a><br> 3.6 <a href="#combine-policies">Combine Policies</a><br> 3.7 <a href="#extensibility-and-versioning">Extensibility and Versioning</a><br>4. <a href="#advanced-concepts-2-policy-assertion-design">Advanced Concepts II: Policy Assertion Desin</a><br> 4.1 <a href="#role-of-policy-assertions">Role of Policy Assertions</a><br> 4.2 <a href="#parts-of-a-policy-assertion">Parts of a Policy Assertion</a><br> 4.3 <a href="#when-to-design-policy-assertions">When to design policy assertions?</a><br> 4.3.1 <a href="#opt-in-behavior">Opt-in behavior</a><br> 4.3.2 <a href="#shared-behavior">Shared behavior</a><br> 4.3.3 <a href="#visible-behavior">Visible behavior</a><br> 4.4 <a href="#guidelines-for-designing-assertions">Guidelines for Designing Assertions</a><br> 4.4.1 <a href="#optional-behaviors">Optional Behaviors</a><br> 4.4.2 <a href="#assertion-vs-assertion-parameter">Assertion vs. assertion parameter</a><br> &bsp; 4.4.3 <a href="#leveraging-nested-policy">Leveraging Nested Policy</a><br> 4.4.4 <a href="#minimal-approach">Minimal approach</a><br> 4.4.5 <a href="#QName_and_XML_Information_Set_representation">QName and XML Information Set representation</a><br> 4.4.6 <a href="#Policy_subject_and_attachment_points">Policy subject and attachment points</a><br> 4.4.7 <a href="#versioning-behaviors">Versioning behaviors</a><br> 4.4.8 <a href="#N67888">Versioning Policy Language</a><br> 4.4.8.1 <a href="#N67920">Policy Framework</a><br> 4.4.8.2 <a href="#N68042">Policy Attachment</a><br> 4.5 <a href="#desribing-policy-assertions">Describing Policy Assertions</a><br>5. <a href="#conclusion">Conclusion</a><br></p>
-<h3><a name="appendix" id="appendix">Appendices</a></h3><p class="toc">A. <a href="#security-considerations">Security Considerations</a><br> A.1 <a href="#information-disclosure-threats">Information Disclosure Threats</a><br> A.2 <a href="#spoofing-and-tampering-threats">Spoofing and Tampering Threats</a><br> A.3 <a href="#downgrade-threats">Downgrade Threats</a><br> A.4 <a href="#repudiation-threats">Repudiation Threats</a><br> A.5 <a href="#denial-of-service-threats">Denial of Service Threats</a><br> A.6 <a href="#general-xml-considerations">General XML Considerations</a><br>B. <a href="#xml-namespaces">XML Namespaces</a><br>C. <a href="#references">References</a><br>D. <a href="#acknowledgments">Acknowledgements</a> (Non-Normative)<br>E. <a href="#change-description">Changes in this Version of the Document</a> (Non-Normative)<br>F. <a href="#change-log">Web Services Plicy 1.5 - Primer Change Log</a> (Non-Normative)<br></p></div><hr><div class="body">
+<h3><a name="appendix" id="appendix">Appendices</a></h3><p class="toc">A. <a href="#xml-namespaces">XML Namespaces</a><br>B. <a href="#references">References</a><br>C. <a href="#acknowledgments">Acknowledgements</a> (Non-Normative)<br>D. <a href="#change-description">Changes in this Version of the Document</a> (Non-Normative)<br>E. <a href="#change-log">Web Services Policy 1.5 - Primer Change Log</a> (Non-Normative)<br></p></div><hr><div class="body">
<div class="div1">
<h2><a name="introduction"></a>1. Introduction</h2>
@@ -113,7 +113,7 @@
policy assertions, outlines guidelines for designing policy assertions and enumerates the
minimum requirements for describing policy assertions in specifications.</p>
<p>This is a non-normative document and does not provide a definitive specification of the Web
- Services Policy language. <a href="#xml-namespaces"><b>B. XML Namespaces</b></a> lists all the that are used in
+ Services Policy language. <a href="#xml-namespaces"><b>A. XML Namespaces</b></a> lists all the that are used in
this document. (XML elements without a namespace prefix are from the Web Services Policy XML
Namespace.)</p>
</div>
@@ -179,7 +179,7 @@
<p>This message uses message addressing headers. The <code>wsa:To</code>
and<code>wsa:Action</code> header blocks identify the destination and the semantics
implied by this message respectively. (The prefix <code>wsa</code> is used here to denote
- the Web Services Addressing XML Namespace. <a href="#xml-namespaces"><b>B. XML Namespaces</b></a> lists all the
+ the Web Services Addressing XML Namespace. <a href="#xml-namespaces"><b>A. XML Namespaces</b></a> lists all the
and prefixes that are used in this document.)</p>
<p>Let us look at a fictitious scenario used in this document to illustrate the features of
the policy language. Tony is a Web service developer. He is building a client application
@@ -1857,115 +1857,11 @@
<div class="back">
<div class="div1">
-<h2><a name="security-considerations"></a>A. Security Considerations</h2>
- <p>This appendix describes the security considerations that service providers, requestors,
- policy authors, policy assertion authors, and policy implementers need to consider when
- exposing, consuming and designing policy expressions, authoring policy assertions or
- implementing policy.</p>
- <div class="div2">
-
-<h3><a name="information-disclosure-threats"></a>A.1 Information Disclosure Threats</h3>
- <p>A policy is used to represent the capabilities and requirements of a Web Service.
- Policies may include sensitive information. Malicious consumers may acquire sensitive
- information, fingerprint the service and infer service vulnerabilities. These threats can
- be mitigated by requiring authentication for sensitive information, by omitting sensitive
- information from the policy or by securing access to the policy. For securing access to
- policy metadata, policy providers can use mechanisms from other Web Services
- specifications such as WS-Security and WS-MetadataExchange.</p>
- </div>
- <div class="div2">
-
-<h3><a name="spoofing-and-tampering-threats"></a>A.2 Spoofing and Tampering Threats</h3>
- <p>If a policy expression is unsigned it could be easily tampered with or replaced. To
- prevent tampering or spoofing of policy, requestors should discard a policy unless it is
- signed by the provider and presented with sufficient credentials. Requestors should also
- check that the signer is actually authorized to express policies for the given policy
- subject.</p>
- </div>
- <div class="div2">
-
-<h3><a name="downgrade-threats"></a>A.3 Downgrade Threats</h3>
- <p>A policy may offer several alternatives that vary from weak to strong set of
- requirements. An adversary may interfere and remove all the alternatives except the
- weakest one (say no security requirements). Or, an adversary may interfere and discard
- this policy and insert a weaker policy previously issued by the same provider. Policy
- authors or providers can mitigate these threats by sun-setting older or weaker policy
- alternatives. Requestors can mitigate these threats by discarding policies unless they are
- signed by the provider.</p>
- </div>
- <div class="div2">
-
-<h3><a name="repudiation-threats"></a>A.4 Repudiation Threats</h3>
- <p>Malicious providers may include policy assertions in its policy whose behavior cannot be
- verified by examining the wire message from the provider to requestor. In general,
- requestors have no guarantee that a provider will behave as described in the provider’s
- policy expression. The provider may not and perform a malicious activity. For example, say
- the policy assertion is privacy notice information and the provider violates the semantics
- by disclosing private information. Requestors can mitigate this threat by discarding
- policy alternatives which include assertions whose behavior cannot be verified by
- examining the wire message from the provider to requestor. Assertion authors can mitigate
- this threat by not designing assertions whose behavior cannot be verified using wire
- messages.</p>
- </div>
- <div class="div2">
-
-<h3><a name="denial-of-service-threats"></a>A.5 Denial of Service Threats</h3>
- <p>Malicious providers may provide a policy expression with a large number of alternatives,
- a large number of assertions in alternatives, deeply nested policy expressions or chains
- of PolicyReference elements that expand exponentially (see the chained sample below; this
- is similar to the well-known DTD entity expansion attack). Policy implementers need to
- anticipate these rogue providers and use a configurable bound with defaults on number of
- policy alternatives, number of assertions in an alternative, depth of nested policy
- expressions, etc.</p>
- <div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example A-1. </span>Chained Policy Reference Elements</i></p>
- <div class="exampleInner"><pre><Policy wsu:Id="p1">
- <PolicyReference URI="#p2"/ >
- <PolicyReference URI="#p2"/>
-</Policy>
-
-<Policy wsu:Id="p2" >
- <PolicyReference URI="#p3"/>
- <PolicyReference URI="#p3"/>
-</Policy>
-
-<Policy wsu:Id="p3" >
- <PolicyReference URI="#p4"/>
- <PolicyReference URI="#p4"/>
-</Policy>
-
-<!-- Policy/@wsu:Id p4 through p99 -->
-
-<Policy wsu:Id="p100" >
- <PolicyReference URI="#p101"/>
- <PolicyReference URI="#p101"/>
-</Policy>
-
-<Policy wsu:Id="p101" >
- <mtom:OptimizedMimeSerialization />
-</Policy></pre></div>
- </div>
- <p>Malicious providers may provide a policy expression that includes multiple
- PolicyReference elements that use a large number of different internet addresses. These
- may require the consumers to establish a large number of TCP connections. Policy
- implementers need to anticipate such rogue providers and use a configurable bound with
- defaults on number of PolicyReference elements per policy expression.</p>
- </div>
- <div class="div2">
-
-<h3><a name="general-xml-considerations"></a>A.6 General XML Considerations</h3>
- <p>Implementers of Web Services policy language should be careful to protect their software
- against general XML threats like deeply nested XML or XML that contains malicious
- content.</p>
- </div>
- </div>
- <div class="div1">
-
-<h2><a name="xml-namespaces"></a>B. XML Namespaces</h2>
+<h2><a name="xml-namespaces"></a>A. XML Namespaces</h2>
<p>The table below lists XML Namespaces that are used in this document. The choice of any
namespace prefix is arbitrary and not semantically significant.</p>
<a name="nsprefix"></a><table summary="Prefixes and XML Namespaces used in this specification" border="1" cellspacing="0" cellpadding="5">
- <caption>Table B-1. Prefixes and XML Namespaces used in this specification.</caption>
+ <caption>Table A-1. Prefixes and XML Namespaces used in this specification.</caption>
<thead>
<tr>
<th rowspan="1" colspan="1">Prefix</th>
@@ -2078,7 +1974,7 @@
</div>
<div class="div1">
-<h2><a name="references"></a>C. References</h2>
+<h2><a name="references"></a>B. References</h2>
<dl>
<dt class="label"><a name="MTOM"></a>[MTOM] </dt><dd>
<cite><a href="http://www.w3.org/TR/2005/REC-soap12-mtom-20050125/">SOAP Message Transmission Optimization Mechanism</a></cite>, M. Gudgin, N.
@@ -2162,7 +2058,7 @@
</div>
<div class="div1">
-<h2><a name="acknowledgments"></a>D. Acknowledgements (Non-Normative)</h2>
+<h2><a name="acknowledgments"></a>C. Acknowledgements (Non-Normative)</h2>
<p>This document is the work of the <a href="http://www.w3.org/2002/ws/policy/">W3C Web Services Policy
Working Group</a>.</p>
@@ -2181,7 +2077,7 @@
</div>
<div class="div1">
-<h2><a name="change-description"></a>E. Changes in this Version of the Document (Non-Normative)</h2>
+<h2><a name="change-description"></a>D. Changes in this Version of the Document (Non-Normative)</h2>
<p>A list of substantive changes since the previous publication is below:</p>
<ul>
<li><p>Replaced URI with IRI.</p></li>
@@ -2189,7 +2085,7 @@
</div>
<div class="div1">
-<h2><a name="change-log"></a>F. Web Services Policy 1.5 - Primer Change Log (Non-Normative)</h2>
+<h2><a name="change-log"></a>E. Web Services Policy 1.5 - Primer Change Log (Non-Normative)</h2>
<a name="ws-policy-primer-changelog-table"></a><table border="1">
<tbody>
<tr>
@@ -2221,7 +2117,15 @@
to add versioning material to primer.
</td>
</tr>
-
+ <tr>
+ <td rowspan="1" colspan="1">20060924</td>
+ <td rowspan="1" colspan="1">TIB</td>
+ <td rowspan="1" colspan="1">Implemented the
+ <a href="http://www.w3.org/2005/06/tracker/wspolicyeds/actions/35">editorial action 35</a>
+ to move the Security Considerations section to the Framework document.
+ </td>
+ </tr>
+
</tbody>
</table><br>
</div>
Index: ws-policy-primer.xml
===================================================================
RCS file: /sources/public/2006/ws/policy/ws-policy-primer.xml,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- ws-policy-primer.xml 25 Sep 2006 03:57:33 -0000 1.7
+++ ws-policy-primer.xml 25 Sep 2006 04:14:03 -0000 1.8
@@ -2084,7 +2084,6 @@
to add versioning material to primer.
</td>
</tr>
- </tr>
<tr>
<td>20060924</td>
<td>TIB</td>
Received on Monday, 25 September 2006 04:14:14 UTC