- From: Asir Vedamuthu via cvs-syncmail <cvsmail@w3.org>
- Date: Tue, 26 Sep 2006 07:31:53 +0000
- To: public-ws-policy-eds@w3.org
Update of /sources/public/2006/ws/policy
In directory hutz:/tmp/cvs-serv9220
Modified Files:
ws-policy-primer.html ws-policy-primer.xml
Log Message:
Updated the 'Changes in this Version of the Document' section.
Index: ws-policy-primer.html
===================================================================
RCS file: /sources/public/2006/ws/policy/ws-policy-primer.html,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- ws-policy-primer.html 25 Sep 2006 04:41:48 -0000 1.12
+++ ws-policy-primer.html 26 Sep 2006 07:31:51 -0000 1.13
@@ -1,4 +1,4 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US"><head><META http-equiv="Content-Type" content="text/html; charset=utf-8"><title>Web Services Policy 1.5 - Primer</title><style type="text/css">
code { font-family: monospace; }
@@ -47,7 +47,7 @@
div.exampleWrapper { margin: 4px }
div.exampleHeader { font-weight: bold;
margin: 4px}
-</style><link rel="stylesheet" type="text/css" href="http://www.w3.org/StyleSheets/TR/base.css"><link rel="contents" href="#contents"></head><body>
+</style><link type="text/css" rel="stylesheet" href="http://www.w3.org/StyleSheets/TR/base.css"><link href="#contents" rel="contents"></head><body>
<div class="head">
<h1>Web Services Policy 1.5 - Primer</h1>
<h2>Editors' copy $Date$ @@ @@@@ @@@@</h2><dl><dt>This version:</dt><dd>
@@ -71,8 +71,8 @@
<h2><a name="status">Status of this Document</a></h2><p><strong>This document is an editors' copy that has
no official standing.</strong></p><p></p></div>
<hr><div class="toc">
-<h2><a name="contents">Table of Contents</a></h2><p class="toc">1. <a href="#introduction">Introduction</a><br>2. <a href="#basic-concepts-policy-expression">Basic Concepts: Policy Expression</a><br> 2.1 <a href="#web-services-policy">Web Services Policy</a><br> 2.2 <a href="#simple-message">Simple Message</a><br> 2.3 <a href="#secure-message">Secure Message</a><br> 2.4 <a href="#other-assertions">Other Assertions</a><br> 2.5 <a href="#combining-policy-assertions">Combining Policy Assertions</a><br> 2.6 <a href="#optional-policy-assertion">Optional Policy Assertion</a><br> 2.7 <a href="#nested-policy-expressions">Nested Policy Expressions</a><br> 2.8 <a href="#Referencing_Policy_Expressions">Referencing Policy Expressions</a><br> 2.9 <a href="#attaching-policy-expressions-to-wsdl">Attaching Policy Expresions to WSDL</a><br> 2.10 <a href="#policy-automates-web-services-interaction">Policy Automates Web Services Interaction</a><br>3. <a href="#advanced-concepts-1-policy-expression">Advanced Concepts I: Policy Expression</a><br> 3.1 <a href="#policy-expression">Policy Expression</a><br> 3.2 <a href="#normal-form-for-policy-expressions">Normal Form for Policy Expressions</a><br> 3.3 <a href="#policy-data-model">Policy Data Model</a><br> 3.4 <a href="#compatible-policies">Compatible Policies</a><br> 3.5 <a href="#attaching-policy-expressions-to-wsdl2">Attaching Policy Expressions to WSDL</a><br> 3.6 <a href="#combine-policies">Combine Policies</a><br> 3.7 <a href="#extensibility-and-versioning">Extensibility and Versioning</a><br>4. <a href="#advanced-concepts-2-policy-assertion-design">Advanced Concepts II: Policy Assertion Desin</a><br> 4.1 <a href="#role-of-policy-assertions">Role of Policy Assertions</a><br> 4.2 <a href="#parts-of-a-policy-assertion">Parts of a Policy Assertion</a><br> 4.3 <a href="#when-to-design-policy-assertions">When to design policy assertions?</a><br> 4.3.1 <a href="#opt-in-behavior">Opt-in behavior</a><br> 4.3.2 <a href="#shared-behavior">Shared behavior</a><br> 4.3.3 <a href="#visible-behavior">Visible behavior</a><br> 4.4 <a href="#guidelines-for-designing-assertions">Guidelines for Designing Assertions</a><br> 4.4.1 <a href="#optional-behaviors">Optional Behaviors</a><br> 4.4.2 <a href="#assertion-vs-assertion-parameter">Assertion vs. assertion parameter</a><br> &bsp; 4.4.3 <a href="#leveraging-nested-policy">Leveraging Nested Policy</a><br> 4.4.4 <a href="#minimal-approach">Minimal approach</a><br> 4.4.5 <a href="#QName_and_XML_Information_Set_representation">QName and XML Information Set representation</a><br> 4.4.6 <a href="#Policy_subject_and_attachment_points">Policy subject and attachment points</a><br> 4.4.7 <a href="#versioning-behaviors">Versioning behaviors</a><br> 4.4.8 <a href="#N67888">Versioning Policy Language</a><br> 4.4.8.1 <a href="#N67920">Policy Framework</a><br> 4.4.8.2 <a href="#N68042">Policy Attachment</a><br> 4.5 <a href="#desribing-policy-assertions">Describing Policy Assertions</a><br>5. <a href="#conclusion">Conclusion</a><br></p>
-<h3><a name="appendix" id="appendix">Appendices</a></h3><p class="toc">A. <a href="#security-considerations">Security Considerations</a><br>B. <a href="#xml-namespaces">XML Namespaces</a><br>C. <a href="#references">References</a><br>D. <a href="#acknowledgments">Acknowledgements</a> (Non-Normative)<br>E. <a href="#change-description">Changes in this Version of the Document</a> (Non-Normative)<br>F. <a href="#change-log">Web Services Policy 1.5 - Primer Change Log</a> (Non-Normative)<br></p></div><hr><div class="body">
+<h2><a name="contents">Table of Contents</a></h2><p class="toc">1. <a href="#introduction">Introduction</a><br>2. <a href="#basic-concepts-policy-expression">Basic Concepts: Policy Expression</a><br> 2.1 <a href="#web-services-policy">Web Services Policy</a><br> 2.2 <a href="#simple-message">Simple Message</a><br> 2.3 <a href="#secure-message">Secure Message</a><br> 2.4 <a href="#other-assertions">Other Assertions</a><br> 2.5 <a href="#combining-policy-assertions">Combining Policy Assertions</a><br> 2.6 <a href="#optional-policy-assertion">Optional Policy Assertion</a><br> 2.7 <a href="#nested-policy-expressions">Nested Policy Expressions</a><br> 2.8 <a href="#Referencing_Policy_Expressions">Referencing Policy Expressions</a><br> 2.9 <a href="#attaching-policy-expressions-to-wsdl">Attaching Policy Expresions to WSDL</a><br> 2.10 <a href="#policy-automates-web-services-interaction">Policy Automates Web Services Interaction</a><br>3. <a href="#advanced-concepts-1-policy-expression">Advanced Concepts I: Policy Expression</a><br> 3.1 <a href="#policy-expression">Policy Expression</a><br> 3.2 <a href="#normal-form-for-policy-expressions">Normal Form for Policy Expressions</a><br> 3.3 <a href="#policy-data-model">Policy Data Model</a><br> 3.4 <a href="#compatible-policies">Compatible Policies</a><br> 3.5 <a href="#attaching-policy-expressions-to-wsdl2">Attaching Policy Expressions to WSDL</a><br> 3.6 <a href="#combine-policies">Combine Policies</a><br> 3.7 <a href="#extensibility-and-versioning">Extensibility and Versioning</a><br>4. <a href="#advanced-concepts-2-policy-assertion-design">Advanced Concepts II: Policy Assertion Desin</a><br> 4.1 <a href="#role-of-policy-assertions">Role of Policy Assertions</a><br> 4.2 <a href="#parts-of-a-policy-assertion">Parts of a Policy Assertion</a><br> 4.3 <a href="#when-to-design-policy-assertions">When to design policy assertions?</a><br> 4.3.1 <a href="#opt-in-behavior">Opt-in behavior</a><br> 4.3.2 <a href="#shared-behavior">Shared behavior</a><br> 4.3.3 <a href="#visible-behavior">Visible behavior</a><br> 4.4 <a href="#guidelines-for-designing-assertions">Guidelines for Designing Assertions</a><br> 4.4.1 <a href="#optional-behaviors">Optional Behaviors</a><br> 4.4.2 <a href="#assertion-vs-assertion-parameter">Assertion vs. assertion parameter</a><br> &bsp; 4.4.3 <a href="#leveraging-nested-policy">Leveraging Nested Policy</a><br> 4.4.4 <a href="#minimal-approach">Minimal approach</a><br> 4.4.5 <a href="#QName_and_XML_Information_Set_representation">QName and XML Information Set representation</a><br> 4.4.6 <a href="#Policy_subject_and_attachment_points">Policy subject and attachment points</a><br> 4.4.7 <a href="#versioning-behaviors">Versioning behaviors</a><br> 4.4.8 <a href="#versioning-policy-language">Versioning Policy Language</a><br> 4.4.8.1 <a href="#versioning-policy-framework">Policy Framework</a><br> 4.4.8.2 <a href="#versioning-policy-attachment">Polcy Attachment</a><br> 4.5 <a href="#describing-policy-assertions">Describing Policy Assertions</a><br>5. <a href="#conclusion">Conclusion</a><br></p>
+<h3><a id="appendix" name="appendix">Appendices</a></h3><p class="toc">A. <a href="#security-considerations">Security Considerations</a><br>B. <a href="#xml-namespaces">XML Namespaces</a><br>C. <a href="#references">References</a><br>D. <a href="#acknowledgments">Acknowledgements</a> (Non-Normative)<br>E. <a href="#change-description">Changes in this Version of the Document</a> (Non-Normative)<br>F. <a href="#change-log">Web Services Policy 1.5 - Primer Change Log</a> (Non-Normative)<br></p></div><hr><div class="body">
<div class="div1">
<h2><a name="introduction"></a>1. Introduction</h2>
@@ -167,7 +167,7 @@
<h3><a name="simple-message"></a>2.2 Simple Message</h3>
<p>Let us start by considering a SOAP Message in the example below.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 2-1. </span>SOAP Message</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 2-1. </span>SOAP Message</i></p>
<div class="exampleInner"><pre><soap:Envelope>
<soap:Header>
<wsa:To>http://stock.contoso.com/realquote</wsa:To>
@@ -207,7 +207,7 @@
<p>How does Contoso use policy to represent the use of addressing? The example below
illustrates a policy expression that requires the use of addressing.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 2-2. </span>Policy Expression</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 2-2. </span>Policy Expression</i></p>
<div class="exampleInner"><pre><Policy>
<wsap:UsingAddressing />
</Policy></pre></div>
@@ -235,7 +235,7 @@
<p>In addition to requiring the use of addressing, Contoso requires the use of
transport-level security for protecting messages.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 2-3. </span>Secure Message</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 2-3. </span>Secure Message</i></p>
<div class="exampleInner"><pre><soap:Envelope>
<soap:Header>
<wss:Security soap:mustUnderstand="1" >
@@ -259,7 +259,7 @@
using a policy expression. The example below illustrates a policy expression that requires
the use of addressing and transport-level security for securing messages.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 2-4. </span>Addressing and Security Policy Expression</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 2-4. </span>Addressing and Security Policy Expression</i></p>
<div class="exampleInner"><pre><Policy>
<wsap:UsingAddressing />
<sp:TransportBinding>...</sp:TransportBinding>
@@ -349,7 +349,7 @@
policy assertions using the <code>Policy</code> or <code>All</code> operator means that
all the behaviors represented by these assertions are required.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 2-5. </span>Addressing and Security Policy Expression</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 2-5. </span>Addressing and Security Policy Expression</i></p>
<div class="exampleInner"><pre><All>
<wsap:UsingAddressing />
<sp:TransportBinding>…</sp:TransportBinding>
@@ -361,7 +361,7 @@
message-level security for protecting messages, Contoso uses the
<code>sp:AsymmetricBinding</code> policy assertion (see the example below).</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 2-6. </span>Asymmetric Binding Security Policy Assertion</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 2-6. </span>Asymmetric Binding Security Policy Assertion</i></p>
<div class="exampleInner"><pre><sp:AsymmetricBinding>…</sp:AsymmetricBinding></pre></div>
</div>
<p>The <code>sp:AsymmetricBinding</code> element is a policy assertion. (The prefix
@@ -376,7 +376,7 @@
the assertions. The policy expression in the example below requires the use of either
transport- or message-level security for protecting messages.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 2-7. </span>Transport- or Message-Level Security Policy Expression</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 2-7. </span>Transport- or Message-Level Security Policy Expression</i></p>
<div class="exampleInner"><pre><ExactlyOne>
<sp:TransportBinding>…</sp:TransportBinding>
<sp:AsymmetricBinding>…</sp:AsymmetricBinding>
@@ -389,7 +389,7 @@
policy expression in the example below requires the use of addressing and one of
transport- or message-level security for protecting messages.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 2-8. </span>Addressing and Transport- OR Message-Level Security Policy Expression</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 2-8. </span>Addressing and Transport- OR Message-Level Security Policy Expression</i></p>
<div class="exampleInner"><pre><All>
<wsap:UsingAddressing />
<ExactlyOne>
@@ -412,7 +412,7 @@
<p>To indicate the use of optimization using the Optimized MIME Serialization, Contoso uses
the <code>mtom:OptimizedMimeSerialization</code> policy assertion (see the example below).</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 2-9. </span>Optimized MIME Serialization Policy Assertion</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 2-9. </span>Optimized MIME Serialization Policy Assertion</i></p>
<div class="exampleInner"><pre><mtom:OptimizedMimeSerialization /></pre></div>
</div>
<p>The <code>mtom:OptimizedMimeSerialization</code> element is a policy assertion. (The
@@ -432,7 +432,7 @@
optional. This policy expression allows the use of optimization and requires the use of
addressing and one of transport- or message-level security.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 2-10. </span>Optional MIME Serialization, Addressing and Transport- OR Message-Level Security
+ <p class="exampleHead" style="text-align: left"><i><span>Example 2-10. </span>Optional MIME Serialization, Addressing and Transport- OR Message-Level Security
Policy Expression</i></p>
<div class="exampleInner"><pre><All>
<mtom:OptimizedMimeSerialization wsp:Optional="true"/>
@@ -479,7 +479,7 @@
behavior of the <code>sp:TransportBinding</code> policy assertion (which already requires
the use of transport-level security for protecting messages).</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 2-11. </span>Transport Security Policy Assertion</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 2-11. </span>Transport Security Policy Assertion</i></p>
<div class="exampleInner"><pre><sp:TransportBinding>
<Policy>
<sp:TransportToken>
@@ -526,7 +526,7 @@
<code>PolicyReference</code> element can be used to reference a policy expression
identified using either of these mechanisms.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 2-12. </span>Common Policy Expression</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 2-12. </span>Common Policy Expression</i></p>
<div class="exampleInner"><pre><Policy wsu:Id=”common”>
<mtom:OptimizedMimeSerialization wsp:Optional="true"/>
<wsap:UsingAddressing />
@@ -544,7 +544,7 @@
expression as a standalone policy or within another policy expression. The example below
is a policy expression that re-uses the common policy expression above.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 2-13. </span>PolicyReference to Common Policy Expression</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 2-13. </span>PolicyReference to Common Policy Expression</i></p>
<div class="exampleInner"><pre><PolicyReference URI="#common"/></pre></div>
</div>
<p>For referencing a policy expression within the same XML document, Contoso uses the
@@ -555,7 +555,7 @@
transport- or message-level security for protecting messages and allows the use of
optimization.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 2-14. </span>Secure Policy Expression</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 2-14. </span>Secure Policy Expression</i></p>
<div class="exampleInner"><pre><Policy wsu:Id=”secure”>
<All>
<PolicyReference URI="#common"/>
@@ -574,7 +574,7 @@
attribute identifies the policy expression. The IRI of this policy expression is
<code>http://real.contoso.com/policy/common</code>.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 2-15. </span>Common Policy Expression</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 2-15. </span>Common Policy Expression</i></p>
<div class="exampleInner"><pre><Policy Name=”http://real.contoso.com/policy/common”>
<mtom:OptimizedMimeSerialization wsp:Optional="true"/>
<wsap:UsingAddressing />
@@ -582,7 +582,7 @@
</div>
<p>The example below is a policy expression that re-uses the common policy expression above.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 2-16. </span>PolicyReference to Common Policy Expression</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 2-16. </span>PolicyReference to Common Policy Expression</i></p>
<div class="exampleInner"><pre><PolicyReference URI="http://real.contoso.com/policy/common"/></pre></div>
</div>
</div>
@@ -604,7 +604,7 @@
description. This includes all the message exchanges described by operations in the
<code>RealTimeDataInterface</code>.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 2-17. </span>Secure Policy Expression Attached to WSDL Binding</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 2-17. </span>Secure Policy Expression Attached to WSDL Binding</i></p>
<div class="exampleInner"><pre><wsdl:binding name="SecureBinding" type="tns:RealTimeDataInterface" >
<PolicyReference URI="#secure" />
<wsdl:operation name="GetRealQuote">…</wsdl:operation>
@@ -619,7 +619,7 @@
security for these services, but requires the use of addressing and allows the use of
optimization.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 2-18. </span>Open Policy Expression Attached to WSDL Binding</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 2-18. </span>Open Policy Expression Attached to WSDL Binding</i></p>
<div class="exampleInner"><pre><wsdl:binding name="OpenBinding" type="tns:DelayedDataInterface" >
<PolicyReference URI="#common" />
<wsdl:operation name="GetDelayedQuote">…</wsdl:operation>
@@ -713,7 +713,7 @@
<p>Let us take a closer look at Contoso’s policy expression (see below) from the previous
section.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 3-1. </span>Contoso’s Secure Policy Expression</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 3-1. </span>Contoso’s Secure Policy Expression</i></p>
<div class="exampleInner"><pre><Policy>
<All>
<mtom:OptimizedMimeSerialization wsp:Optional="true"/>
@@ -741,7 +741,7 @@
<p>The normal form uses a subset of constructs used in the compact form and follows a simple
outline for its XML representation:</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 3-2. </span>Normal Form for Policy Expressions</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 3-2. </span>Normal Form for Policy Expressions</i></p>
<div class="exampleInner"><pre><Policy>
<ExactlyOne>
<All>
@@ -770,7 +770,7 @@
policy alternatives: one that requires the use of transport-level security and the other
that requires the use of message-level security for protecting messages.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 3-3. </span>Transport- or Message-Level Security Policy Expression in Normal Form</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 3-3. </span>Transport- or Message-Level Security Policy Expression in Normal Form</i></p>
<div class="exampleInner"><pre><Policy>
<ExactlyOne>
<All>
@@ -803,7 +803,7 @@
</li>
</ol>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 3-4. </span>Contoso’s Secure Policy Expression in Compact Form</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 3-4. </span>Contoso’s Secure Policy Expression in Compact Form</i></p>
<div class="exampleInner"><pre><Policy wsu:Id=”secure”>
<All>
<PolicyReference URI=”#common”/>
@@ -826,7 +826,7 @@
four policy alternatives in the normal form. These alternatives map to bullets (a) through
(d) above.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 3-5. </span>Contoso’s Policy Expression in Normal Form</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 3-5. </span>Contoso’s Policy Expression in Normal Form</i></p>
<div class="exampleInner"><pre><Policy>
<ExactlyOne>
<All> <!-- - - - - - - - - - - - - - Policy Alternative (a) -->
@@ -899,7 +899,7 @@
requirements or conditions for an interaction. In simple words, each policy alternative
represents a set of conditions for an interaction. The diagram below describes the policy
data model.</p>
- <div class="figure" style="text-align: center"><br><img src="ws-policy-data-model.jpg" alt="WS-Policy Data Model"><p style="text-align:left"><i><span>Figure 3-1. </span>WS-Policy Data Model</i></p><br></div>
+ <div style="text-align: center" class="figure"><br><img src="ws-policy-data-model.jpg" alt="WS-Policy Data Model"><p style="text-align:left"><i><span>Figure 3-1. </span>WS-Policy Data Model</i></p><br></div>
<p>A policy-aware client uses a policy to determine whether one of these policy alternatives
(i.e. the conditions for an interaction) can be met in order to interact with the
associated Web Service. Such clients may choose any of these policy alternatives and must
@@ -953,7 +953,7 @@
</ul>
<p>The diagram below describes this mapping from the normal form of a policy expression to
the policy data model.</p>
- <div class="figure" style="text-align: center"><br><img src="normal-form-2-data-model.jpg" alt="Mapping from Normal Form to Policy Data Model"><p style="text-align:left"><i><span>Figure 3-2. </span>Mapping from Normal Form to Policy Data Model</i></p><br></div>
+ <div style="text-align: center" class="figure"><br><img src="normal-form-2-data-model.jpg" alt="Mapping from Normal Form to Policy Data Model"><p style="text-align:left"><i><span>Figure 3-2. </span>Mapping from Normal Form to Policy Data Model</i></p><br></div>
</div>
<div class="div2">
@@ -967,7 +967,7 @@
policy alternatives. Of them, one of the policy alternatives requires the use of
addressing and transport-level security.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 3-6. </span>Contoso’s Policy Expression</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 3-6. </span>Contoso’s Policy Expression</i></p>
<div class="exampleInner"><pre><Policy>
<ExactlyOne>
<All> <!-- - - - - - - - - - Contoso’s Policy Alternative (a) -->
@@ -986,7 +986,7 @@
contains one policy alternative that requires the use of addressing and transport-level
security.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 3-7. </span>Tony’s Policy Expression in Normal Form</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 3-7. </span>Tony’s Policy Expression in Normal Form</i></p>
<div class="exampleInner"><pre><Policy>
<ExactlyOne>
<All> <!-- - - - - - - - - - - - - - Tony’s Policy Alternative -->
@@ -1039,7 +1039,7 @@
subjects: message, operation, endpoint and service. When attached, capabilities and
requirements represented by a policy expression apply to a message exchange or message
associated with (or described by) a policy subject.</p>
- <div class="figure" style="text-align: center"><br><img src="policy-subjects-in-wsdl.jpg" alt="Policy Subjects and Effective Policy in WSDL"><p style="text-align:left"><i><span>Figure 3-3. </span>Policy Subjects and Effective Policy in WSDL</i></p><br></div>
+ <div style="text-align: center" class="figure"><br><img src="policy-subjects-in-wsdl.jpg" alt="Policy Subjects and Effective Policy in WSDL"><p style="text-align:left"><i><span>Figure 3-3. </span>Policy Subjects and Effective Policy in WSDL</i></p><br></div>
<p>The WSDL <code>service</code> element represents the service policy subject. Policy
expressions associated with a service policy subject apply to any message exchange using
any of the endpoints offered by that service.</p>
@@ -1060,7 +1060,7 @@
that message.</p>
<p>In the example below, the policy expression is attached to an endpoint policy subject.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 3-8. </span>Contoso’s Policy Expression Attached to WSDL binding Element</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 3-8. </span>Contoso’s Policy Expression Attached to WSDL binding Element</i></p>
<div class="exampleInner"><pre><wsdl:binding name="SecureBinding" type="tns:RealTimeDataInterface" >
<PolicyReference URI="#secure" />
<wsdl:operation name="GetRealQuote">…</wsdl:operation>
@@ -1108,7 +1108,7 @@
attached to the <code>SecureBinding</code> WSDL binding and<code>RealTimeDataPort</code>
WSDL port descriptions.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 3-9. </span>Multiple Policy Expressions Attached to Endpoint Policy Subject </i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 3-9. </span>Multiple Policy Expressions Attached to Endpoint Policy Subject </i></p>
<div class="exampleInner"><pre><Policy wsu:Id=”common2”>
<mtom:OptimizedMimeSerialization wsp:Optional="true"/>
<wsap:UsingAddressing />
@@ -1153,7 +1153,7 @@
words, the combination of two policies is the cross product of alternatives in these two
policies.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 3-10. </span>Effective Policy of the Endpoint Policy Subject in the Previous Example</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 3-10. </span>Effective Policy of the Endpoint Policy Subject in the Previous Example</i></p>
<div class="exampleInner"><pre><Policy>
<All>
<Policy>
@@ -1194,7 +1194,7 @@
<p>The example below represents a Contoso version 1 policy expression. This expression
requires the use of addressing and transport-level security for protecting messages. </p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 3-11. </span>Contoso’s Version 1 Policy Expression</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 3-11. </span>Contoso’s Version 1 Policy Expression</i></p>
<div class="exampleInner"><pre><Policy>
<ExactlyOne>
<All>
@@ -1214,7 +1214,7 @@
clients have the option to migrate from using old policy alternatives to new policy
alternatives.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 3-12. </span>Contoso’s Version 2 Policy Expression</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 3-12. </span>Contoso’s Version 2 Policy Expression</i></p>
<div class="exampleInner"><pre><Policy>
<ExactlyOne>
<All>
@@ -1307,7 +1307,7 @@
<p>Let us look at the anatomy of a policy assertion from the security domain. The policy
expression in the diagram below uses the <code>sp:IssuedToken</code> policy assertion.
This assertion illustrates the use of assertion parameters and nested policy.</p>
- <div class="figure" style="text-align: center"><br><img src="policy-assertion.jpg" alt="sp:IssuedToken Policy Assertion"><p style="text-align:left"><i><span>Figure 4-1. </span>sp:IssuedToken Policy Assertion</i></p><br></div>
+ <div style="text-align: center" class="figure"><br><img src="policy-assertion.jpg" alt="sp:IssuedToken Policy Assertion"><p style="text-align:left"><i><span>Figure 4-1. </span>sp:IssuedToken Policy Assertion</i></p><br></div>
<p>The <code>sp:IssuedToken</code> element is a policy assertion that identifies the use of
a security token – such as SAML token - issued by a third party for protecting messages. A
policy assertion is an XML element. The QName of this element represents the behavior
@@ -1490,7 +1490,7 @@
additional useful information for engaging the behavior that is irrelevant to
compatibility tests.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 4-1. </span>Policy Assertion with Assertion Parameters</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 4-1. </span>Policy Assertion with Assertion Parameters</i></p>
<div class="exampleInner"><pre><Policy>
<sp:SignedParts>
<sp:Body />
@@ -1606,7 +1606,7 @@
Such equivalent behaviors can be modeled as independent assertions. The policy
expression in the example below requires the use of WSS: SOAP Message Security 1.0.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 4-2. </span>Message-level Security and WSS: SOAP Message Security 1.0</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 4-2. </span>Message-level Security and WSS: SOAP Message Security 1.0</i></p>
<div class="exampleInner"><pre><Policy>
<sp:Wss10>…</sp:Wss10>
</Policy></pre></div>
@@ -1615,7 +1615,7 @@
Security 1.1. These are multiple equivalent behaviors and are represented using distinct
policy assertions.</p>
<div class="exampleOuter">
- <p style="text-align: left" class="exampleHead"><i><span>Example 4-3. </span>Message-level Security and WSS: SOAP Message Security 1.1</i></p>
+ <p class="exampleHead" style="text-align: left"><i><span>Example 4-3. </span>Message-level Security and WSS: SOAP Message Security 1.1</i></p>
<div class="exampleInner"><pre><Policy>
<sp:Wss11>…</sp:Wss11>
</Policy></pre></div>
@@ -1624,7 +1624,7 @@
behaviors.</p>
</div>
<div class="div3">
-<h4><a name="N67888"></a>4.4.8 Versioning Policy Language</h4>
+<h4><a name="versioning-policy-language"></a>4.4.8 Versioning Policy Language</h4>
<p>EdNote: The WG is contemplating moving some or all of this material into a non-normative appendix of the framework or attachment document. User feedback is solicited</p>
<p>Over time, the Policy WG or third parties can version or extend the Policy Language with new or modified constructs. These constructs may be compatible or incompatible with previous versions. Some of the possible new constructs that have been mentioned previously are: new operators, operator cardinality, policy identification, compact syntax, Policy Inclusion, security, referencing, attachment points, alternative
priority, effective dating, negotiation. </p>
@@ -1638,10 +1638,10 @@
</ol>
<div class="div4">
-<h5><a name="N67920"></a>4.4.8.1 Policy Framework</h5>
+<h5><a name="versioning-policy-framework"></a>4.4.8.1 Policy Framework</h5>
<p>WS-Policy Framework 1.5 specifies that any element that is not known inside a Policy, ExactlyOne or All will be treated as an assertion. The default value for wsp:Optional="false", which means after normalization it will be inside an ExactlyOne/All operator. </p>
<p>Let us show an example with a hypothetical new operator that is a Choice with a minOccurs and a maxOccurs attributes, ala XSD:Choice, in a new namespace. We use the wsp16 prefix to indicate a hypothetical Policy Language 1.6 that is intended to be compatible with Policy Language 1.5:</p>
-<div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 4-4. </span>Policy containing 1.5 and 1.6 Policies.</i></p>
+<div class="exampleOuter"><p class="exampleHead" style="text-align: left"><i><span>Example 4-4. </span>Policy containing 1.5 and 1.6 Policies.</i></p>
<div class="exampleInner"><pre><wsp:Policy>
<wsp:ExactlyOne>
<wsp16:Choice wsp16:minOccurs="1" wsp16:maxOccurs="2">
@@ -1654,7 +1654,7 @@
</wsp:Policy></pre></div>
</div>
<p>The normalization rule for wsp:Optional="false" would be applied to the wsp16:Choice, yielding the following expression:</p>
-<div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 4-5. </span>Normalized Policy containing 1.5 and 1.6 Policies</i></p>
+<div class="exampleOuter"><p class="exampleHead" style="text-align: left"><i><span>Example 4-5. </span>Normalized Policy containing 1.5 and 1.6 Policies</i></p>
<div class="exampleInner"><pre><wsp:Policy>
<wsp:ExactlyOne>
<wsp:ExactlyOne>
@@ -1672,7 +1672,7 @@
</div>
<p>Alternatively, the wsp:Optional could be set to "true" on the choice, as
in:</p>
-<div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 4-6. </span>Policy containing explicit wsp:Optional="true"</i></p>
+<div class="exampleOuter"><p class="exampleHead" style="text-align: left"><i><span>Example 4-6. </span>Policy containing explicit wsp:Optional="true"</i></p>
<div class="exampleInner"><pre><wsp:Policy>
<wsp16:Choice wsp16:minOccurs="1" wsp16:maxOccurs="2"
wsp:Optional="true">
@@ -1681,7 +1681,7 @@
</wsp:Policy></pre></div>
</div>
<p>The normalized form will be:</p>
-<div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 4-7. </span>Normalized policy</i></p>
+<div class="exampleOuter"><p class="exampleHead" style="text-align: left"><i><span>Example 4-7. </span>Normalized policy</i></p>
<div class="exampleInner"><pre><wsp:Policy>
<wsp:ExactlyOne>
<wsp:All>
@@ -1697,7 +1697,7 @@
like it has a wsp16:Choice typed assertion. To determine intersection with a Policy that does not have the wsp16:Choice type assertion, domain specific processing would have to be done. However, there is an alternative that does not have the wsp16:Choice, so intersection would yield the expecteded result.
</p>
<p>Note: it is possible to add new names to the existing namespace, such as: </p>
-<div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 4-8. </span>Policy containing 1.5 and 1.6 Policies all in the 1.5 namespace</i></p>
+<div class="exampleOuter"><p class="exampleHead" style="text-align: left"><i><span>Example 4-8. </span>Policy containing 1.5 and 1.6 Policies all in the 1.5 namespace</i></p>
<div class="exampleInner"><pre><wsp:Policy>
<wsp:ExactlyOne>
<wsp:Choice wsp:minOccurs="1" wsp:maxOccurs="2">
@@ -1717,7 +1717,7 @@
<p>Incompatible versions of the Policy language may be indicated by a new namespace name for at least the new and/or incompatible elements or attributes. Imagine that the Choice operator is required by a future version of Policy, then there will be a new namespace for the Policy element. We use the wsp20 prefix to indicate a hypothetical Policy Language 2.0 that is intended to be incompatible with Policy Language
1.5:</p>
-<div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 4-9. </span>Policy containing 2.0 only Policies.</i></p>
+<div class="exampleOuter"><p class="exampleHead" style="text-align: left"><i><span>Example 4-9. </span>Policy containing 2.0 only Policies.</i></p>
<div class="exampleInner"><pre><wsp20:Policy>
<wsp20:ExactlyOne>
<wsp20:Choice wsp:minOccurs="1" wsp:maxOccurs="2">
@@ -1731,7 +1731,7 @@
<p>The new Policy operator could be embedded inside an existing Policy
element:</p>
-<div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 4-10. </span>Policy containing 2.0 (incompatible with 1.5) Policies embedded in wsp 1.5 Policy.</i></p>
+<div class="exampleOuter"><p class="exampleHead" style="text-align: left"><i><span>Example 4-10. </span>Policy containing 2.0 (incompatible with 1.5) Policies embedded in wsp 1.5 Policy.</i></p>
<div class="exampleInner"><pre><wsp:Policy>
<wsp20:Choice wsp:minOccurs="1" wsp:maxOccurs="2">
...
@@ -1745,7 +1745,7 @@
<p>Best practice: use a new namespace for new incompatible construct and insert inside either: new Policy element OR existing All for future incompatible policy extensions.</p>
<p>A future version of WS-Policy could support the current operators in the existing namespace, such as:</p>
-<div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 4-11. </span>Policy containing 1.5 operator in 2.0 Policy</i></p>
+<div class="exampleOuter"><p class="exampleHead" style="text-align: left"><i><span>Example 4-11. </span>Policy containing 1.5 operator in 2.0 Policy</i></p>
<div class="exampleInner"><pre><wsp20:Policy>
<wsp:ExactlyOne>
<wsp20:Choice wsp:minOccurs="1" wsp:maxOccurs="2">
@@ -1759,13 +1759,13 @@
<p>It is difficult to predict whether this functionality would be useful. The future version of WS-Policy doesn't appear to be precluded from doing this.</p>
</div>
<div class="div4">
-<h5><a name="N68042"></a>4.4.8.2 Policy Attachment</h5>
+<h5><a name="versioning-policy-attachment"></a>4.4.8.2 Policy Attachment</h5>
<p>Policy attachment provides WSDL 1.1 and UDDI attachment points. It appears that exchange of Policy will be in the context of WSDL or UDDI.
WRT WSDL, the policy model is an extension of the WSDL definition. As such, it is likely that future versions of Policy will be exchanged as multiple Policy expressions within a WSDL. One alternative is that there would be a separate WSDL for each version of Policy. The problem of how to specify and query for compound documents is very difficult, so it is more likely that each version of Policy will be exchanged within a WSDL. </p>
<p>We show an example of a new version of policy that allows Qname reference to Policies in the PolicyReference:</p>
-<div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 4-12. </span>WSDL containing 1.5 and 2.0 (compatible with 2.0) Policy References.</i></p>
+<div class="exampleOuter"><p class="exampleHead" style="text-align: left"><i><span>Example 4-12. </span>WSDL containing 1.5 and 2.0 (compatible with 2.0) Policy References.</i></p>
<div class="exampleInner"><pre><wsdl11:binding name="StockQuoteSoapBinding" type="fab:Quote" >
<wsoap12:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http" />
@@ -1791,7 +1791,7 @@
<p>The PolicyReference is attribute extensible. One example of an addition is a list of backup URIs for the policyReference:</p>
-<div class="exampleOuter"><p style="text-align: left" class="exampleHead"><i><span>Example 4-13. </span>WSDL containing 1.5 and 2.0 (compatible with 2.0) Policy References.</i></p>
+<div class="exampleOuter"><p class="exampleHead" style="text-align: left"><i><span>Example 4-13. </span>WSDL containing 1.5 and 2.0 (compatible with 2.0) Policy References.</i></p>
<div class="exampleInner"><pre><wsdl11:binding name="StockQuoteSoapBinding" type="fab:Quote" >
<wsoap12:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http" />
@@ -2086,6 +2086,8 @@
<p>A list of substantive changes since the previous publication is below:</p>
<ul>
<li><p>Replaced URI with IRI.</p></li>
+ <li><p>Added a new section - Versioning Policy Language.</p></li>
+ <li><p>Moved 'Security Considerations' section to the Web Services Policy 1.5 - Framework.</p></li>
</ul>
</div>
<div class="div1">
Index: ws-policy-primer.xml
===================================================================
RCS file: /sources/public/2006/ws/policy/ws-policy-primer.xml,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- ws-policy-primer.xml 25 Sep 2006 04:41:48 -0000 1.9
+++ ws-policy-primer.xml 26 Sep 2006 07:31:51 -0000 1.10
@@ -1591,7 +1591,7 @@
<p>Best practice: use independent assertions for modeling multiple equivalent
behaviors.</p>
</div3>
- <div3><head>Versioning Policy Language</head>
+ <div3 id="versioning-policy-language"><head>Versioning Policy Language</head>
<p>EdNote: The WG is contemplating moving some or all of this material into a non-normative appendix of the framework or attachment document. User feedback is solicited</p>
<p>Over time, the Policy WG or third parties can version or extend the Policy Language with new or modified constructs. These constructs may be compatible or incompatible with previous versions. Some of the possible new constructs that have been mentioned previously are: new operators, operator cardinality, policy identification, compact syntax, Policy Inclusion, security, referencing, attachment points, alternative
priority, effective dating, negotiation. </p>
@@ -1604,7 +1604,7 @@
<item><p>AppliesTo: any element and any attribute</p></item>
</olist>
-<div4><head>Policy Framework</head>
+<div4 id="versioning-policy-framework"><head>Policy Framework</head>
<p>WS-Policy Framework 1.5 specifies that any element that is not known inside a Policy, ExactlyOne or All will be treated as an assertion. The default value for wsp:Optional="false", which means after normalization it will be inside an ExactlyOne/All operator. </p>
<p>Let us show an example with a hypothetical new operator that is a Choice with a minOccurs and a maxOccurs attributes, ala XSD:Choice, in a new namespace. We use the wsp16 prefix to indicate a hypothetical Policy Language 1.6 that is intended to be compatible with Policy Language 1.5:</p>
<example><head>Policy containing 1.5 and 1.6 Policies.</head>
@@ -1724,7 +1724,7 @@
<p>It is difficult to predict whether this functionality would be useful. The future version of WS-Policy doesn't appear to be precluded from doing this.</p>
</div4>
-<div4><head>Policy Attachment</head>
+<div4 id="versioning-policy-attachment"><head>Policy Attachment</head>
<p>Policy attachment provides WSDL 1.1 and UDDI attachment points. It appears that exchange of Policy will be in the context of WSDL or UDDI.
WRT WSDL, the policy model is an extension of the WSDL definition. As such, it is likely that future versions of Policy will be exchanged as multiple Policy expressions within a WSDL. One alternative is that there would be a separate WSDL for each version of Policy. The problem of how to specify and query for compound documents is very difficult, so it is more likely that each version of Policy will be exchanged within a WSDL. </p>
@@ -2044,6 +2044,8 @@
<p>A list of substantive changes since the previous publication is below:</p>
<ulist>
<item><p>Replaced URI with IRI.</p></item>
+ <item><p>Added a new section - Versioning Policy Language.</p></item>
+ <item><p>Moved 'Security Considerations' section to the &framework.title;.</p></item>
</ulist>
</inform-div1>
<inform-div1 id="change-log">
Received on Tuesday, 26 September 2006 07:32:14 UTC