- From: David Orchard via cvs-syncmail <cvsmail@w3.org>
- Date: Tue, 16 Jan 2007 22:09:02 +0000
- To: public-ws-policy-eds@w3.org
Update of /sources/public/2006/ws/policy In directory hutz:/tmp/cvs-serv28992 Modified Files: ws-policy-framework.xml ws-policy-framework.html Log Message: Issue 4210 resolution Index: ws-policy-framework.xml =================================================================== RCS file: /sources/public/2006/ws/policy/ws-policy-framework.xml,v retrieving revision 1.97 retrieving revision 1.98 diff -u -d -r1.97 -r1.98 --- ws-policy-framework.xml 8 Jan 2007 17:20:43 -0000 1.97 +++ ws-policy-framework.xml 16 Jan 2007 22:09:00 -0000 1.98 @@ -526,10 +526,7 @@ <p>This section describes how to convey <termref def='policy'>policy</termref> in an interoperable form, using the XML Infoset representation of a policy. <termdef id='policy_expression' term='policy expression'>A <term>policy expression</term> is an XML Infoset representation of a <termref def='policy'>policy</termref>, - either in a normal form or in an equivalent compact form.</termdef> Other subsections below describe - several important aspects related to policy expression, namely - (i) Normal form of a policy expression (ii) Compact form of a policy expression - (iii) Identification of policy expressions and (iv) Policy intersection. + either in a normal form or in an equivalent compact form.</termdef> </p> <p> The normal form of a policy expression is the most straightforward Infoset representation; equivalent, alternative Infosets allow compactly @@ -705,7 +702,8 @@ <olist> <item><p>Start with the <emph role="infoset-property">document -element</emph> property D of the Document Information Item of the +element</emph> property D of the Document Information Item (as defined in the XML Information Set [<bibref + ref="XMLInfoset"/>]) of the policy expression. The <emph role="infoset-property">namespace name</emph> of D is always <code>"&nsuri;"</code>. In the base case, the <emph role="infoset-property">local name</emph> property of D is 
@@ -713,7 +711,8 @@ role="infoset-property">local name</emph> property of D is <code>"Policy"</code>, <code>"ExactlyOne"</code>, or <code>"All"</code>.</p></item> -<item><p>Expand Element Information Items in the <emph +<item><p>Expand Element Information Items (as defined in the XML Information Set [<bibref + ref="XMLInfoset"/>]) in the <emph role="infoset-property">children</emph> property of D that are policy references per Section <specref ref='Policy_Inclusion'/>.</p></item> <item><p>Convert each Element Information Item C in the <emph @@ -1392,11 +1391,11 @@ <head>Security Considerations</head> <p>It is <rfc2119>RECOMMENDED</rfc2119> that <termref def='policy'>policies</termref> and -<termref def='policy_assertion'>assertions</termref> be signed to prevent tampering.</p> +<termref def='policy_assertion'>assertions</termref> be integrity protected to permit the detection of tampering. This can be done using a technology such as XML DSig [<bibref ref="XML-Signature" />], SSL/TLS [<bibref ref="RFC2246"/>], or WS-Security 2004 [<bibref ref="WS-Security"/>].</p> <p>Policies <rfc2119>SHOULD NOT</rfc2119> be accepted unless they are signed and have an associated security token to specify the signer has the right to -"speak for" the <termref def='policy_scope'>scope</termref>containing the policy. That is, a relying party +"speak for" the <termref def='policy_scope'>scope</termref> containing the policy. That is, a relying party shouldn't rely on a policy unless the policy is signed and presented with sufficient credentials to pass the relying parties' acceptance criteria.</p> 
@@ -1723,7 +1722,11 @@ J. Kahan and K. Lanz, Editors. World Wide Web Consortium, 17 August 2006. Available at http://www.w3.org/2006/04/c14n-note/c14n-note.html. - </bibl> + </bibl> + <bibl key="IETF RFC 3023" + href="http://www.ietf.org/rfc/rfc2246.txt" id="RFC2246">IETF + "RFC 2246: The TLS Protocol", T. Dierks, C. Allen, January + 1999.</bibl> <bibl id="SOAP11" key="SOAP 1.1" href="http://www.w3.org/TR/2000/NOTE-SOAP-20000508/"> <titleref>Simple Object Access Protocol (SOAP) @@ -2353,6 +2356,15 @@ <td>Reset Section <specref ref="change-description"/>. </td> </tr> + + <tr> + <td>20070116</td> + <td>DBO</td> + <td>Completed action item: + <loc href="http://www.w3.org/2005/06/tracker/wspolicyeds/actions/123">123</loc> and + <loc href="http://www.w3.org/2005/06/tracker/wspolicyeds/actions/115">115 </loc> + Resolution for issue <loc href="http://www.w3.org/Bugs/Public/show_bug.cgi?id=4210">4210</loc></td> + </tr> </tbody> </table> </inform-div1> Index: ws-policy-framework.html =================================================================== RCS file: /sources/public/2006/ws/policy/ws-policy-framework.html,v retrieving revision 1.79 retrieving revision 1.80 diff -u -d -r1.79 -r1.80 --- ws-policy-framework.html 8 Jan 2007 17:20:44 -0000 1.79 +++ ws-policy-framework.html 16 Jan 2007 22:09:00 -0000 1.80 
@@ -351,10 +351,7 @@ <h2><a name="rPolicy_Expression"></a>4. Policy Expression</h2><p>This section describes how to convey <a title="policy" href="#policy">policy</a> in an interoperable form, using the XML Infoset representation of a policy. [<a name="policy_expression" title="policy expression">Definition</a>: A <b>policy expression</b> is an XML Infoset representation of a <a title="policy" href="#policy">policy</a>, - either in a normal form or in an equivalent compact form.] Other subsections below describe - several important aspects related to policy expression, namely - (i) Normal form of a policy expression (ii) Compact form of a policy expression - (iii) Identification of policy expressions and (iv) Policy intersection. + either in a normal form or in an equivalent compact form.] </p><p> The normal form of a policy expression is the most straightforward Infoset representation; equivalent, alternative Infosets allow compactly expressing a policy through a number of constructs.</p><p>This specification does not define processing for arbitrary <code class="elt">wsp:Policy</code> 
@@ -449,13 +446,13 @@ below.</p><p>To interpret a compact <a title="policy expression" href="#policy_expression">expression</a> in an interoperable form, a compact expression may be converted to the corresponding normal form expression by the following procedure:</p><ol><li><p>Start with the <strong>[document -element]</strong> property D of the Document Information Item of the +element]</strong> property D of the Document Information Item (as defined in the XML Information Set [<cite><a href="#XMLInfoset">XML Information Set</a></cite>]) of the policy expression. The <strong>[namespace name]</strong> of D is always <code>"http://www.w3.org/@@@@/@@/ws-policy"</code>. In the base case, the <strong>[local name]</strong> property of D is <code>"Policy"</code>; in the recursive case, the <strong>[local name]</strong> property of D is <code>"Policy"</code>, <code>"ExactlyOne"</code>, or -<code>"All"</code>.</p></li><li><p>Expand Element Information Items in the <strong>[children]</strong> property of D that are policy +<code>"All"</code>.</p></li><li><p>Expand Element Information Items (as defined in the XML Information Set [<cite><a href="#XMLInfoset">XML Information Set</a></cite>]) in the <strong>[children]</strong> property of D that are policy references per Section <a href="#Policy_Inclusion"><b>4.3.5 Policy Inclusion</b></a>.</p></li><li><p>Convert each Element Information Item C in the <strong>[children]</strong> property of D into normal form.</p><ol><li><p>If the <strong>[namespace name]</strong> property of C is <code>"http://www.w3.org/@@@@/@@/ws-policy"</code> and the <strong>[local 
@@ -879,9 +876,9 @@ 3986 [<cite><a href="#RFC3986">IETF RFC 3986</a></cite>] and 3987 [<cite><a href="#RFC3987">IETF RFC 3987</a></cite>] for establishing a base URI against which relative IRIs can be made absolute.</p></div></div><div class="div1"> <h2><a name="Security_Considerations"></a>5. Security Considerations</h2><p>It is <span class="rfc2119">RECOMMENDED</span> that <a title="policy" href="#policy">policies</a> and -<a title="policy assertion" href="#policy_assertion">assertions</a> be signed to prevent tampering.</p><p>Policies <span class="rfc2119">SHOULD NOT</span> be accepted unless they are signed and have an +<a title="policy assertion" href="#policy_assertion">assertions</a> be integrity protected to permit the detection of tampering. This can be done using a technology such as XML DSig [<cite><a href="#XML-Signature">XML-Signature</a></cite>], SSL/TLS [<cite><a href="#RFC2246">IETF RFC 3023</a></cite>], or WS-Security 2004 [<cite><a href="#WS-Security">WS-Security 2004</a></cite>].</p><p>Policies <span class="rfc2119">SHOULD NOT</span> be accepted unless they are signed and have an associated security token to specify the signer has the right to -"speak for" the <a title="policy scope" href="#policy_scope">scope</a>containing the policy. That is, a relying party +"speak for" the <a title="policy scope" href="#policy_scope">scope</a> containing the policy. That is, a relying party shouldn't rely on a policy unless the policy is signed and presented with sufficient credentials to pass the relying parties' acceptance criteria.</p><p>It should be noted that the mechanisms described in this document 
@@ -1080,7 +1077,9 @@ J. Kahan and K. Lanz, Editors. World Wide Web Consortium, 17 August 2006. Available at http://www.w3.org/2006/04/c14n-note/c14n-note.html. - </dd><dt class="label"><a name="SOAP11"></a>[SOAP 1.1] </dt><dd> + </dd><dt class="label"><a name="RFC2246"></a>[IETF RFC 3023] </dt><dd>IETF + "RFC 2246: The TLS Protocol", T. Dierks, C. Allen, January + 1999. (See <cite><a href="http://www.ietf.org/rfc/rfc2246.txt">http://www.ietf.org/rfc/rfc2246.txt</a></cite>.)</dd><dt class="label"><a name="SOAP11"></a>[SOAP 1.1] </dt><dd> <cite><a href="http://www.w3.org/TR/2000/NOTE-SOAP-20000508/">Simple Object Access Protocol (SOAP) 1.1</a></cite>, D. Box, et al, Editors. World Wide Web Consortium, 8 May 2000. @@ -1366,4 +1365,7 @@ resolution for issue <a href="http://www.w3.org/Bugs/Public/show_bug.cgi?id=4038">4038</a> - Nested policy not in normal form in section 4.3.2. </td></tr><tr><td rowspan="1" colspan="1">20070108</td><td rowspan="1" colspan="1">ASV</td><td rowspan="1" colspan="1">Reset Section <a href="#change-description"><b>D. Changes in this Version of the Document</b></a>. - </td></tr></tbody></table><br></div></div></body></html> \ No newline at end of file + </td></tr><tr><td rowspan="1" colspan="1">20070116</td><td rowspan="1" colspan="1">DBO</td><td rowspan="1" colspan="1">Completed action item: + <a href="http://www.w3.org/2005/06/tracker/wspolicyeds/actions/123">123</a> and + <a href="http://www.w3.org/2005/06/tracker/wspolicyeds/actions/115">115 </a> + Resolution for issue <a href="http://www.w3.org/Bugs/Public/show_bug.cgi?id=4210">4210</a></td></tr></tbody></table><br></div></div></body></html> \ No newline at end of file
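Review bot: In ws-policy-framework.xml, hunk @@ -713,7 +711,8 @@, the parenthetical "(as defined in the XML Information Set [XMLInfoset])" repeats word for word what the preceding hunk just added to the previous list item, while the next item ("Convert each Element Information Item C ...") uses the same term with no citation. Suggest citing the XML Information Set once, at the first use of an Information Item term in the procedure or in the notation section, and dropping the repeat here so the three steps read consistently.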
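Review bot: In ws-policy-framework.xml, hunk @@ -1392,11 +1391,11 @@, the rewritten first paragraph and the second paragraph now set different bars: the first accepts any integrity protection, naming SSL/TLS as one option, while the second still says policies SHOULD NOT be accepted "unless they are signed and have an associated security token". A policy fetched over TLS alone carries no signature and no token showing that the sender may "speak for" the scope, so it meets the RECOMMENDED sentence yet fails the SHOULD NOT one. Suggest either restating the second paragraph in the same integrity-protection terms, or saying in the first that transport protection only covers tampering in transit and does not replace the signature and token the second paragraph asks for.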
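Review bot: In ws-policy-framework.xml, hunk @@ -1723,7 +1722,11 @@, the new bibl entry has key="IETF RFC 3023" although its id, href and text all refer to RFC 2246, so the generated ws-policy-framework.html prints the TLS citation as [IETF RFC 3023] in both the Security Considerations paragraph and the reference list. Change the key to "IETF RFC 2246" and regenerate the HTML. The hunk's first changed pair also swaps one </bibl> line for another that differs only in whitespace, which can be left out of the commit.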
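Review bot: In ws-policy-framework.xml, hunk @@ -2353,6 +2356,15 @@, the new change-log cell runs two statements together: the second loc element is followed directly by "Resolution for issue" with no punctuation, and its link text is "115 " with a trailing space inside the element. Suggest "Completed action items 123 and 115. Resolution for issue 4210" plus a few words on what the resolution changed, as the earlier 4038 row does ("Nested policy not in normal form in section 4.3.2"), since the log message "Issue 4210 resolution" does not say either.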
Received on Tuesday, 16 January 2007 22:09:10 UTC