[Bug 3894] Definition of equivalence for WSDL 2.0 component model {policy} properties

http://www.w3.org/Bugs/Public/show_bug.cgi?id=3894

           Summary: Definition of equivalence for WSDL 2.0 component model
                    {policy} properties
           Product: WS-Policy
           Version: FPWD
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Attachment
        AssignedTo: fsasaki@w3.org
        ReportedBy: ryman@ca.ibm.com
         QAContact: public-ws-policy-qa@w3.org


Description: The WSDL 2.0 Attachement Spec defines the {policy} property but
does not define how to compare its values for equivalence. The spec is
therefore incomplete.

Justification:  Any WSDL 2.0 extension must define the meaning of equivalence
since it is used in the definition of WSDL 2.0 component model validity. [1] If
the spec does not define the meaning of {policy} equivalence then interop
problems may arise, e.g. one implementation may produce WSDL 2.0 documents that
another implementation regards as invalid. Furthermore, since WSDL 2.0
component models can be assembled from multiple documents which may contain
repeated definitions of the same component, a clear test for equivalence is
needed in order to detect any differences. These differences may be accidental
errors introduced at authoring time, systematic errors injected at runtime, or
malicious errors created by attackers.

Target: This affects the WSDL 2.0 Attachment Specification.

Proposal: The following text should be added to the WSDL 2.0 Attachment
Specificationin Section 5.3 after Table 5-2 to make the definition of {policy}
property value equivalence clear:

Two {policy} properties are equivalent when they represent policies that
contain the same number of policy alternatives, and each policy alternative in
the first policy is equivalent to some policy alternative in the second policy,
and conversely. 

Two policy alternatives are equivalent when each policy assertion in the first
policy alternative is equivalent to some policy assertion in the second policy
alternative, and conversely.  If either policy alternative contains multiple
policy assertions of the same type, policy alternative equality is dependent on
the semantics of that assertion type.

Two policy assertions are equivalent if they have the same QName and, if either
policy assertion has a nested policy, both assertions must have a nested policy
and the nested policies must be equal.  If either assertion contains policy
assertion parameters, then the policy assertion parameters SHOULD be compared
for equality.  Comparing policy assertion parameters for equality is not
defined by this document, but policy assertion equality may be further refined
by the corresponding policy assertion specification.

[1] http://www.w3.org/TR/2006/CR-wsdl20-20060327/#compequiv

Received on Monday, 30 October 2006 19:14:16 UTC