RE: NEW ISSUE: HTTP/HTTPS conflict resolution between policy assertion and WSDL from Sverdlov, Yakov on 2006-07-18 (public-ws-policy@w3.org from July 2006)

From: Sverdlov, Yakov <Yakov.Sverdlov@ca.com>
Date: Tue, 18 Jul 2006 10:46:49 -0400
To: "Toufic Boubez" <tboubez@layer7tech.com>, <public-ws-policy@w3.org>
Message-ID: <ACE36C31EA815A4CBA7EBECA186C0D4197AEC1@USILMS13.ca.com>

I agree that the policy assertion takes precedence. My understanding is
that the same "canned" policy, which requires HTTPS, may potentially be
attached to different WSDLs at the management stage, and if WSDL port
for a particular WS uses HTTP, the policy will be appropriately enforced
at runtime i.e. rejecting the request.

 

I think this is a legitimate conflict, and it has to do with the policy
management and enforcement which is out of scope. May be the Attachment
Primer should provide some guidance in regard to possible policy
attachment outcomes during the enforcement phase for two categories
'conflict' and 'ambiguity': 

 

1. Conflict between the policy assertion and WSDL (not limited to the
transport)

2. Ambiguity as described by Ashok for the MQ transport scenario, which
the Primer should recommend to avoid

 

Regards,

Yakov Sverdlov

CA

 

 

________________________________

From: public-ws-policy-request@w3.org
[mailto:public-ws-policy-request@w3.org] On Behalf Of Toufic Boubez
Sent: Tuesday, July 18, 2006 10:27 AM
To: Toufic Boubez; public-ws-policy@w3.org
Subject: RE: NEW ISSUE: HTTP/HTTPS conflict resolution between policy
assertion and WSDL

 

More information:

 

Justification - This issue was raised by the WS-Policy interop in April
2006 in Germany.

 

Reference - http://www.w3.org/2006/07/13-ws-policy-minutes.html#action32

 

Toufic Boubez, Ph.D.
Chief Technology Officer
 
LAYER 7 TECHNOLOGIES / Advancing the application network.
604.681.9377 x310 (w)   604.288.7970 (m)

tboubez@layer7tech.com <mailto:tboubez@layer7tech.com>  (e)
www.layer7tech.com (w)

 

________________________________

From: public-ws-policy-request@w3.org on behalf of Toufic Boubez
Sent: Mon 7/17/2006 10:02 PM
To: public-ws-policy@w3.org
Subject: NEW ISSUE: HTTP/HTTPS conflict resolution between policy
assertion and WSDL

Title - HTTP/HTTPS conflict resolution between policy assertion and WSDL

 

Description - If the security policy assertion requires the use of HTTPS
transport level security and WSDL port address uses HTTP scheme, what is
the best practice guidance for requestors?

 

Target - WS-Policy Attachment 1.5? Primer?

 

Proposal - Not sure if I have an absolute proposal, but I'll get the
ball rolling: I propose that if there is a conflict, that since
presumably the policy authors are a better authority as to what policies
should exist for a service, whereas the WSDL might have been
automatically generated by a tool or a developer, the policy assertion
takes precedence.

 

Toufic Boubez, Ph.D.
Chief Technology Officer
 
LAYER 7 TECHNOLOGIES / Advancing the application network.
604.681.9377 x310 (w)   604.288.7970 (m)

tboubez@layer7tech.com <mailto:tboubez@layer7tech.com>  (e)
www.layer7tech.com (w)

Received on Tuesday, 18 July 2006 14:47:06 UTC