[Bug 4318] [All docs] Which WS-SecurityPolicy version should be used as a reference

http://www.w3.org/Bugs/Public/show_bug.cgi?id=4318

           Summary: [All docs] Which WS-SecurityPolicy version should be
                    used as a reference
           Product: WS-Policy
           Version: LC
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Framework+Attachment+Guidelines
        AssignedTo: fsasaki@w3.org
        ReportedBy: umit.yalcinalp@sap.com
         QAContact: public-ws-policy-qa@w3.org


Title: Which WS-SecurityPolicy version should be used as a reference?

Description: The following WS-Policy documents use references to
WS-SecurityPolicy 1.0. [1]. 

-- Framework
-- Attachment
-- Primer
-- Guidelines

Note: There was not a component to target all the documents, hence
Framework+Attachment+Guidelines was used to post this bug. Primer is included
in this issue as well. 

The posted interop scenerios document to the wg [3] refer to the
WS-SecurityPolicy 1.2 [2]. If the intent of the interop scenerios is to test
the policy framework, the dependency is unfortunately broken. 

There are differences between the versions of WS-SecurityPolicy. For example,
sp:HttpsToken is now a nested assertion instead of a parametric assertion using
attributes for requiring client certificate. This difference is used in testing
empty nested assertions in the interop scenerios. Thus affects the way that the
tests are perceived and used without requiring domain specific processing. 

Justification: The version of the Security policy used in the interop scenerios
should reflect the version in the document and vice versa. They must match.
Thus, updating the documents with the latest version of the security policy
would eliminate confusion from the readers understanding and the use of the
security policy. Otherwise, what is really tested does not reflect the
documents being reviewed. 

Proposal: Update all the versions of the documents to the latest version of
WS-SecurityPolicy to reflect the reality of what is tested. 


[1]
http://www.oasis-open.org/committees/download.php/15979/oasis-wssx-ws-securitypolicy-1.0.pdf

[2]
http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/21401/ws-securitypolicy-1.2-spec-cd-01.pdf

[3] http://lists.w3.org/Archives/Public/public-ws-policy/2007Feb/0008.html

Received on Monday, 12 February 2007 21:46:43 UTC