- From: Ashok Malhotra <ashok.malhotra@oracle.com>
- Date: Tue, 18 Jul 2006 05:20:03 -0700
- To: "public-ws-policy@w3.org" <public-ws-policy@w3.org>
I've written this action as a new issue. Title: Nested policy as a qualifying mechanism on an assertion is too general. Description: WS-Policy allows a nested/embedded policy to be used to qualify an assertion. This is too general, as anything can appear within a policy element including assertions that have nothing to do with the parent assertion. Note that WS-SecurityPolicy seems to recognize this and includes a note: "Assertions from one domain SHOULD NOT be nested inside assertions from another domain. For example, assertions from a transaction domain should not be nested inside an assertion from a security domain. " There is, however no definition of "domain" that I could find. Further, the "Schemas" included in WS-SecurityPolicy specify which assertions can appear within the embedded policy. But this does not work as the contents of the <wsp:Policy> element cannot change depending on the context in which it appears. If the authors of WS-SecurityPolicy go to the trouble of specifying which assertions can appear within the embedded policy, why don't they simply specify these assertions as possible children of the parent assertion. Target: WS-Policy Framework Proposal: Instead of nested policies, allow assertions to be qualified by defining possible child elements for them. All the best, Ashok
Received on Tuesday, 18 July 2006 12:20:28 UTC