[Bug 3672] Clarify the policy model for Web Services

http://www.w3.org/Bugs/Public/show_bug.cgi?id=3672

           Summary: Clarify the policy model for Web Services
           Product: WS-Policy
           Version: FPWD
          Platform: All
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Framework
        AssignedTo: yakov.sverdlov@ca.com
        ReportedBy: yakov.sverdlov@ca.com
         QAContact: public-ws-policy-qa@w3.org


I think it makes sense to decouple the policy model for web services in section
3.4 from the requester/provider paradigm and to describe the model in terms of
entities in a Web services-based system. Let’s look at the traditional stock
trading use case for the authorization domain, i.e. a client application sends
a trade request to a web service.

There may be the following entities (with associated distinct
policies/subjects) involved in this interaction: requester application;
requester device (wireless PDA, cell phone), on which the application is
running; and web service provider (application). Any component of Web
infrastructure (WAP gateway, web server, application server, etc) may also be
considered an entity in this interaction and may have an authorization policy –
for example, “Do not accept a trade order with the amount of more than $1M if
the order comes through WAP”. The same may apply to the policy processor itself
with the policy specifying something like “Only policies starting from the
WS-Policy version 1.6 are accepted…”

It is my understanding that, in this particular example, at least five policies
for the same policy domain will have to be evaluated. It is also my
understanding that these policies may be attached to different policy subjects:
requester app or message; requester device; message; Web infrastructure
component; and WS-Policy version; respectively.

In my opinion, the policy model in section 3.4 should describe such actions as
conveying the conditions, using the policy, choosing an alternative, policy
assertion support, etc., in regard to an entity in a Web services-based system
instead of binding these actions to a requester or provider.


Justification:
The proposal is intended to address the following discrepancies/issues:
1. The title does not correctly reflect the content of the section.
2. The model should be presented in a slightly more abstract form to better fit
with the potential Framework use cases.
3. The use case, which is described in the section, should not be presented as
typical.

Target:
WS-Policy Framework, 3.4 Web Services

Proposal:
The proposal includes the following changes:

1. Change the section 3.4 title from “Web Services” to “Policies of Entities in
a Web services-based system”

2. Modify the text of section 3.4. 

I don’t have the actual text for the proposed change. 

The first paragraph may begin as:

 “Applied in the Web services model, policy is used to convey conditions on an
interaction between entities in a Web services-based system (requester,
provider, Web infrastructure component, etc). Typically, an entity in a Web
services-based system exposes a policy to convey conditions under which it
functions…”

The requester/provider scenario should be present in the section almost “as is”
to illustrate one of the possible use cases.

Received on Friday, 8 September 2006 01:04:30 UTC