Re: NEW ISSUE: HTTP/HTTPS conflict resolution between policy assertion and WSDL from Anthony Nadalin on 2006-07-18 (public-ws-policy@w3.org from July 2006)

From: Anthony Nadalin <drsecure@us.ibm.com>
Date: Tue, 18 Jul 2006 05:02:10 -0600
To: "Toufic Boubez" <tboubez@layer7tech.com>, "public-ws-policy" <public-ws-policy@w3.org>
Message-ID: <OF6ACF2715.E8E58109-ON872571AF.003C9FE3@us.ibm.com>

Isn't this out of scope as there are many ways to specify conflicting options

-----------------
Sent from Tony's BlackBerry.

----- Original Message -----
From: public-ws-policy-request
Sent: 07/17/2006 11:02 PM
To: <public-ws-policy@w3.org>
Subject: NEW ISSUE: HTTP/HTTPS conflict resolution between policy assertion and WSDL

Title - HTTP/HTTPS conflict resolution between policy assertion and WSDL

Description - If the security policy assertion requires the use of HTTPS transport level security and WSDL port address uses HTTP scheme, what is the best practice guidance for requestors?

Target - WS-Policy Attachment 1.5? Primer?

Proposal - Not sure if I have an absolute proposal, but I'll get the ball rolling: I propose that if there is a conflict, that since presumably the policy authors are a better authority as to what policies should exist for a service, whereas the WSDL might have been automatically generated by a tool or a developer, the policy assertion takes precedence.

Toufic Boubez, Ph.D.
Chief Technology Officer

LAYER 7 TECHNOLOGIES / Advancing the application network.
604.681.9377 x310 (w)   604.288.7970 (m)
tboubez@layer7tech.com <mailto:tboubez@layer7tech.com>  (e)  www.layer7tech.com (w)

Received on Tuesday, 18 July 2006 11:02:31 UTC