- From: Yalcinalp, Umit <umit.yalcinalp@sap.com>
- Date: Wed, 19 Jul 2006 17:57:10 -0700
- To: "Christopher B Ferris" <chrisfer@us.ibm.com>, "Sverdlov, Yakov" <Yakov.Sverdlov@ca.com>
- Cc: <public-ws-policy@w3.org>, <public-ws-policy-request@w3.org>, "Toufic Boubez" <tboubez@layer7tech.com>
- Message-ID: <2BA6015847F82645A9BB31C7F9D6416501C16339@uspale20.pal.sap.corp>
Hi Chris,

I am not sure which "spec" you are referring to. If I am following this thread correctly, the intent here is to provide some guidelines to deal with this situation and if we decide to deal with it in a non-normative manner, I see this as a potential item to be included into the primer. I see no harm pointing out the pitfalls to users.

Thanks,

--umit

________________________________
From: public-ws-policy-request@w3.org [mailto:public-ws-policy-request@w3.org] On Behalf Of Christopher B Ferris
Sent: Tuesday, Jul 18, 2006 7:56 AM
To: Sverdlov, Yakov
Cc: public-ws-policy@w3.org; public-ws-policy-request@w3.org; Toufic Boubez
Subject: RE: NEW ISSUE: HTTP/HTTPS conflict resolution between policy assertion and WSDL

I agree that this is out of scope. There are plenty of work-arounds for situations such as that cited (e.g. use HTTP redirect to the secure URI).

IMO, this is a profiling issue, not something that the spec need be concerned with.

Cheers,

Christopher Ferris
STSM, Software Group Standards Strategy
email: chrisfer@us.ibm.com
blog: http://www.ibm.com/developerworks/blogs/dw_blog.jspa?blog=440
phone: +1 508 377 9295

public-ws-policy-request@w3.org wrote on 07/18/2006 10:46:49 AM:

> I agree that the policy assertion takes precedence. My understanding
> is that the same "canned" policy, which requires HTTPS, may
> potentially be attached to different WSDLs at the management stage,
> and if WSDL port for a particular WS uses HTTP, the policy will be
> appropriately enforced at runtime i.e. rejecting the request.
>
> I think this is a legitimate conflict, and it has to do with the
> policy management and enforcement which is out of scope. Maybe the
> Attachment Primer should provide some guidance in regard to possible
> policy attachment outcomes during the enforcement phase for two
> categories 'conflict' and 'ambiguity':
>
> 1. Conflict between the policy assertion and WSDL (not limited to
>    the transport)
> 2. Ambiguity as described by Ashok for the MQ transport scenario,
>    which the Primer should recommend to avoid
>
> Regards,
> Yakov Sverdlov
> CA
>
> From: public-ws-policy-request@w3.org [mailto:public-ws-policy-request@w3.org] On Behalf Of Toufic Boubez
> Sent: Tuesday, July 18, 2006 10:27 AM
> To: Toufic Boubez; public-ws-policy@w3.org
> Subject: RE: NEW ISSUE: HTTP/HTTPS conflict resolution between
> policy assertion and WSDL
>
> More information:
>
> Justification - This issue was raised by the WS-Policy interop in
> April 2006 in Germany.
>
> Reference - http://www.w3.org/2006/07/13-ws-policy-minutes.html#action32
>
> Toufic Boubez, Ph.D.
> Chief Technology Officer
>
> LAYER 7 TECHNOLOGIES / Advancing the application network.
> 604.681.9377 x310 (w) 604.288.7970 (m)
> tboubez@layer7tech.com (e) www.layer7tech.com (w)
>
> From: public-ws-policy-request@w3.org on behalf of Toufic Boubez
> Sent: Mon 7/17/2006 10:02 PM
> To: public-ws-policy@w3.org
> Subject: NEW ISSUE: HTTP/HTTPS conflict resolution between policy
> assertion and WSDL
>
> Title - HTTP/HTTPS conflict resolution between policy assertion and WSDL
>
> Description - If the security policy assertion requires the use of
> HTTPS transport level security and WSDL port address uses HTTP
> scheme, what is the best practice guidance for requestors?
>
> Target - WS-Policy Attachment 1.5? Primer?
>
> Proposal - Not sure if I have an absolute proposal, but I'll get the
> ball rolling: I propose that if there is a conflict, that since
> presumably the policy authors are a better authority as to what
> policies should exist for a service, whereas the WSDL might have
> been automatically generated by a tool or a developer, the policy
> assertion takes precedence.
>
> Toufic Boubez, Ph.D.
> Chief Technology Officer
>
> LAYER 7 TECHNOLOGIES / Advancing the application network.
> 604.681.9377 x310 (w) 604.288.7970 (m)
> tboubez@layer7tech.com (e) www.layer7tech.com (w)
Received on Thursday, 20 July 2006 00:54:39 UTC
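
The conflict raised in this thread can be caught at policy-attachment time rather than at runtime. The following is an added example, not code from the thread or from any of the specifications: it assumes the HTTPS requirement is expressed as an `sp:HttpsToken` assertion attached to a `wsdl:binding` or `wsdl:port`, and the function names and sample WSDL are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

WSU_ID = "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Id"
# Constructed sample: one "canned" HTTPS-requiring policy on a binding shared by two ports.
SAMPLE = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  xmlns:tns="urn:example" targetNamespace="urn:example">
  <wsp:Policy wsu:Id="RequireTLS"><sp:TransportBinding><wsp:Policy>
    <sp:TransportToken><wsp:Policy><sp:HttpsToken RequireClientCertificate="false"/></wsp:Policy></sp:TransportToken>
  </wsp:Policy></sp:TransportBinding></wsp:Policy>
  <binding name="Secure" type="tns:PT"><wsp:PolicyReference URI="#RequireTLS"/></binding>
  <binding name="Open" type="tns:PT"/>
  <service name="Svc">
    <port name="Plain" binding="tns:Secure"><soap:address location="http://svc.example/a"/></port>
    <port name="Tls" binding="tns:Secure"><soap:address location="https://svc.example/a"/></port>
    <port name="NoPolicy" binding="tns:Open"><soap:address location="http://svc.example/b"/></port>
  </service>
</definitions>"""

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # local name; namespace URIs differ between spec versions

def requires_https(scope, policies):  # assumption: HttpsToken is the HTTPS-requiring assertion
    attached = [scope]  # an inline policy lives under the scope element itself
    for ref in scope.iter():
        if local(ref) == "PolicyReference":
            attached.append(policies.get(ref.get("URI", "").lstrip("#")))
    return any(local(d) == "HttpsToken" for t in attached if t is not None for d in t.iter())

def find_conflicts(wsdl_text):
    """Return (port name, address) pairs where HTTPS is required but the address is not https."""
    root = ET.fromstring(wsdl_text)
    policies = {p.get(WSU_ID): p for p in root.iter() if local(p) == "Policy" and p.get(WSU_ID)}
    bindings = {b.get("name"): b for b in root if local(b) == "binding"}
    conflicts = []
    for port in (e for e in root.iter() if local(e) == "port"):
        binding = bindings.get(port.get("binding", "").split(":")[-1])
        scopes = [s for s in (port, binding) if s is not None]
        address = next((c.get("location") for c in port if local(c) == "address"), None)
        insecure = bool(address) and urlsplit(address).scheme.lower() != "https"
        if insecure and any(requires_https(s, policies) for s in scopes):
            conflicts.append((port.get("name"), address))
    return conflicts

if __name__ == "__main__":
    print(find_conflicts(SAMPLE))
```
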