RE: NEW ISSUE: HTTP/HTTPS conflict resolution between policy assertion and WSDL from Toufic Boubez on 2006-07-18 (public-ws-policy@w3.org from July 2006)

From: Toufic Boubez <tboubez@layer7tech.com>
Date: Tue, 18 Jul 2006 07:26:56 -0700
To: "Toufic Boubez" <tboubez@layer7tech.com>, <public-ws-policy@w3.org>
Message-ID: <970F9C1BF72BF24C8932796D254568B7D4C989@layer7-mx0.l7tech.local>

More information:
 
Justification - This issue was raised by the WS-Policy interop in April 2006 in Germany.
 
Reference - http://www.w3.org/2006/07/13-ws-policy-minutes.html#action32
 
Toufic Boubez, Ph.D.
Chief Technology Officer
 
LAYER 7 TECHNOLOGIES / Advancing the application network.
604.681.9377 x310 (w)   604.288.7970 (m)
tboubez@layer7tech.com <mailto:tboubez@layer7tech.com>  (e)  www.layer7tech.com (w)


________________________________

From: public-ws-policy-request@w3.org on behalf of Toufic Boubez
Sent: Mon 7/17/2006 10:02 PM
To: public-ws-policy@w3.org
Subject: NEW ISSUE: HTTP/HTTPS conflict resolution between policy assertion and WSDL


Title - HTTP/HTTPS conflict resolution between policy assertion and WSDL
 
Description - If the security policy assertion requires the use of HTTPS transport level security and WSDL port address uses HTTP scheme, what is the best practice guidance for requestors?
 
Target - WS-Policy Attachment 1.5? Primer?
 
Proposal - Not sure if I have an absolute proposal, but I'll get the ball rolling: I propose that if there is a conflict, that since presumably the policy authors are a better authority as to what policies should exist for a service, whereas the WSDL might have been automatically generated by a tool or a developer, the policy assertion takes precedence.
 
Toufic Boubez, Ph.D.
Chief Technology Officer
 
LAYER 7 TECHNOLOGIES / Advancing the application network.
604.681.9377 x310 (w)   604.288.7970 (m)
tboubez@layer7tech.com <mailto:tboubez@layer7tech.com>  (e)  www.layer7tech.com (w)

Received on Tuesday, 18 July 2006 14:29:47 UTC