Isn't this out of scope as there are many ways to specify conflicting options ----------------- Sent from Tony's BlackBerry. ----- Original Message ----- From: public-ws-policy-request Sent: 07/17/2006 11:02 PM To: <public-ws-policy@w3.org> Subject: NEW ISSUE: HTTP/HTTPS conflict resolution between policy assertion and WSDL Title - HTTP/HTTPS conflict resolution between policy assertion and WSDL Description - If the security policy assertion requires the use of HTTPS transport level security and WSDL port address uses HTTP scheme, what is the best practice guidance for requestors? Target - WS-Policy Attachment 1.5? Primer? Proposal - Not sure if I have an absolute proposal, but I'll get the ball rolling: I propose that if there is a conflict, that since presumably the policy authors are a better authority as to what policies should exist for a service, whereas the WSDL might have been automatically generated by a tool or a developer, the policy assertion takes precedence. Toufic Boubez, Ph.D. Chief Technology Officer LAYER 7 TECHNOLOGIES / Advancing the application network. 604.681.9377 x310 (w) 604.288.7970 (m) tboubez@layer7tech.com <mailto:tboubez@layer7tech.com> (e) www.layer7tech.com (w)Received on Tuesday, 18 July 2006 11:02:31 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:33:12 UTC