[Bug 3953] Remove language that use of security policy assertions forces nested assertions for other domains

http://www.w3.org/Bugs/Public/show_bug.cgi?id=3953

------- Comment #1 from frederick.hirsch@nokia.com  2006-12-05 13:55 -------
In latest revision of Guidelines [1], the full text in section 6 is:

"Domain authors must be aware of the interactions between their domain and
other domains. For example, security assertions interact with other protocol
assertions in a composition. Although modeling protocol assertions may appear
to be an independent behavior, protocol assertions and security assertions
affect transport bindings and their interactions must be considered. For
example utilization of WS-Security Policy with other protocols affects
transport bindings and would result in nested policy assertions when additional
protocols are composed with WS-Security 2004. Thus, domain authors should be
aware of the compositional semantics with other related domains. The protocol
assertions that require composition with WS-Security should be particularly
aware of the nesting requirements on top of transport level security."

(a) In particular, the following sentence needs more elaboration:
"For example utilization of WS-Security Policy with other protocols affects
transport bindings and would result in nested policy assertions when additional
protocols are composed with WS-Security 2004."

Which other protocols? Why should independent security headers affect other
non-security SOAP headers? Which policy assertions would become nested because
of an interaction, headers in another domain?

A paragraph explaining (with an example) the issue in reliable messaging would
help. It isn't obvious which assertions would become nested in which, so a
concrete example could make the issue clearer.

(b) In addition, the following sentence needs clarification:
"The protocol assertions that require composition with WS-Security should be
particularly aware of the nesting requirements on top of transport level
security."

What nesting requirements?


Proposal 

i) add "can" to second sentence:
"For example, security assertions can interact with other protocol assertions
in a composition"

ii) replace "WS-Security Policy" with "WS-SecurityPolicy" (editorial)

iii) Add text to clarify and answer questions associated with (a) and (b)
above.


[1]
http://dev.w3.org/cvsweb/~checkout~/2006/ws/policy/ws-policy-guidelines.html?rev=1.11

Received on Tuesday, 5 December 2006 13:57:31 UTC