- From: <bugzilla@wiggum.w3.org>
- Date: Fri, 08 Sep 2006 01:03:57 +0000
- To: public-ws-policy-qa@w3.org
- CC:
http://www.w3.org/Bugs/Public/show_bug.cgi?id=3672 Summary: Clarify the policy model for Web Services Product: WS-Policy Version: FPWD Platform: All OS/Version: other Status: NEW Severity: normal Priority: P2 Component: Framework AssignedTo: yakov.sverdlov@ca.com ReportedBy: yakov.sverdlov@ca.com QAContact: public-ws-policy-qa@w3.org I think it makes sense to decouple the policy model for web services in section 3.4 from the requester/provider paradigm and to describe the model in terms of entities in a Web services-based system. Let’s look at the traditional stock trading use case for the authorization domain, i.e. a client application sends a trade request to a web service. There may be the following entities (with associated distinct policies/subjects) involved in this interaction: requester application; requester device (wireless PDA, cell phone), on which the application is running; and web service provider (application). Any component of Web infrastructure (WAP gateway, web server, application server, etc) may also be considered an entity in this interaction and may have an authorization policy – for example, “Do not accept a trade order with the amount of more than $1M if the order comes through WAP”. The same may apply to the policy processor itself with the policy specifying something like “Only policies starting from the WS-Policy version 1.6 are accepted…” It is my understanding that, in this particular example, at least five policies for the same policy domain will have to be evaluated. It is also my understanding that these polices may be attached to different policy subjects: requester app or message; requester device; message; Web infrastructure component; and WS-Policy version; respectively. In my opinion, the policy model in the section 3.4 should describe such actions, as conveying the conditions, using the policy, choosing an alternative, policy assertion support, etc, in regard to an entity in a Web services-based system instead of binding these actions to a requester or provider. Justification: The proposal is intended to address the following discrepancies/issues: 1. The title does not correctly reflect the content of the section 2. The model should be presented in a slightly more abstract form to better fit with the potential Framework use cases. 3. The use case, which is described in the section, should not be presented as typical. Target: WS-Policy Framework, 3.4 Web Services Proposal: The proposal includes the following changes: 1. Change the section 3.4 title from “Web Services” to “Policies of Entities in a Web services-based system” 2. Modify the text of section 3.4. I don’t have the actual text for the proposed change. The first paragraph may begin as: “Applied in the Web services model, policy is used to convey conditions on an interaction between entities in a Web services-based system (requester, provider, Web infrastructure component, etc). Typically, an entity in a Web services-based system exposes a policy to convey conditions under which it functions…” The requester/provider scenario should be present in the section almost “as is” to illustrate one of the possible use cases.
Received on Friday, 8 September 2006 01:04:30 UTC