- From: Asir Vedamuthu <asirveda@microsoft.com>
- Date: Sun, 23 Jul 2006 20:15:54 -0700
- To: "Frederick Hirsch" <frederick.hirsch@nokia.com>, <public-ws-policy@w3.org>
Hi Frederick, > An empty policy element should be > removed upon normalization If an assertion description allows a nested policy expression and the provider decides not to qualify this assertion with nested policy assertions, the assertion MUST include an empty Policy element [1]. > <assertion /> and <assertion><policy /></assertion> > should mean This is a theoretical edge case. I am not aware of a case where an assertion description prescribes a nested policy expression and does not require a provider/requestor to use the nested policy expression. [1] http://dev.w3.org/cvsweb/~checkout~/2006/ws/policy/ws-policy-framework.h tml?content-type=text/html;%20charset=utf-8#Policy_Assertion_Nesting Regards, Asir S Vedamuthu Microsoft Corporation -----Original Message----- From: public-ws-policy-request@w3.org [mailto:public-ws-policy-request@w3.org] On Behalf Of Frederick Hirsch Sent: Tuesday, July 11, 2006 9:26 AM To: public-ws-policy@w3.org Cc: Frederick Hirsch Subject: NEW ISSUE: Normalization should make empty nested policy elements equivalent to policy statements without nested policy element Title - Normalization should make empty nested policy elements equivalent to policy statements without nested policy element Description - An empty policy element should be removed upon normalization Justification - Need to define additional normalization step to enable interoperability. I initially raised this issue in WS-SX (Security Policy) [1], but it should be addressed in WS-Policy. The WS-SecurityPolicy spec states (at line 372) "An assertion with an empty nested policy does not intersect with the same assertion without nested policy." Since both mean exactly the same thing, this opens a possibility for policy interop issues. <assertion /> and <assertion><policy /></assertion> should mean the same thing. An engine should treat them as equal, and the normalization process should account for this. Target - WS-Policy Framework [2] Proposal - add new section to 4.3, "Nested Policy Normalization", with following as the text in the section: "Any nested policy element of the form <assertion><wsp:Policy /></ assertion> will be normalized by removing the policy element, producing <assertion /> as the normal form. An empty policy element SHOULD NOT have attributes but if it does, they will be ignored and the element removed." Test Case - The intersection of the following two policy expressions should match as true: <wsp:Policy xmlns:test="http://www.example.com/example" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" > <test:SimpleAssertion /> </wsp:Policy> <wsp:Policy xmlns:test="http://www.example.com/example" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" > <test:SimpleAssertion><wsp:Policy /></test:SimpleAssertion> </wsp:Policy> regards, Frederick Frederick Hirsch Nokia [1] Related Work, WS-SX Issue 87, http://docs.oasis-open.org/ws-sx/ issues/Issues.xml#i087 [2] http://www.w3.org/Submission/WS-Policy/
Received on Monday, 24 July 2006 03:17:32 UTC