NEW ISSUE: HTTP/HTTPS conflict resolution between policy assertion and WSDL from Toufic Boubez on 2006-07-18 (public-ws-policy@w3.org from July 2006)

From: Toufic Boubez <tboubez@layer7tech.com>
Date: Mon, 17 Jul 2006 22:02:13 -0700
To: <public-ws-policy@w3.org>
Message-ID: <970F9C1BF72BF24C8932796D254568B7D4C986@layer7-mx0.l7tech.local>

Title - HTTP/HTTPS conflict resolution between policy assertion and WSDL
 
Description - If the security policy assertion requires the use of HTTPS transport level security and WSDL port address uses HTTP scheme, what is the best practice guidance for requestors?
 
Target - WS-Policy Attachment 1.5? Primer?
 
Proposal - Not sure if I have an absolute proposal, but I'll get the ball rolling: I propose that if there is a conflict, that since presumably the policy authors are a better authority as to what policies should exist for a service, whereas the WSDL might have been automatically generated by a tool or a developer, the policy assertion takes precedence.
 
Toufic Boubez, Ph.D.
Chief Technology Officer
 
LAYER 7 TECHNOLOGIES / Advancing the application network.
604.681.9377 x310 (w)   604.288.7970 (m)
tboubez@layer7tech.com <mailto:tboubez@layer7tech.com>  (e)  www.layer7tech.com (w)

Received on Tuesday, 18 July 2006 05:02:34 UTC