- From: Maryann Hondo <mhondo@us.ibm.com>
- Date: Wed, 26 Jul 2006 05:11:21 -0400
- To: "Yalcinalp, Umit" <umit.yalcinalp@sap.com>
- Cc: Christopher B Ferris <chrisfer@us.ibm.com>, public-ws-policy@w3.org, public-ws-policy-request@w3.org, "Toufic Boubez" <tboubez@layer7tech.com>, "Sverdlov, Yakov" <Yakov.Sverdlov@ca.com>
- Message-ID: <OF27523615.647CB817-ON872571B5.005C81DF-852571B7.00327A50@us.ibm.com>
All, I agree with Toufic that for the specific WSDL binding case with HTTP/HTTPS in WS-Policy attachment, we can state that policy takes precedence over the WSDL. But I also agree with Umit, that this is also an area where the primer can offer guidance. Policy authors ( like RM) have to do the domain decomposition. In the case of RM, maybe the authors did not take into account transport agnostic, and transport specific capabilities. I believe the security domain did attempt to address this. So the primer can provdide guidance and examples of how domain authors can chose to express the capabilities of their particular domain. And if there are new models for attachment ( beyond WSDL) then the precedence can be stated normatively in the WS-PolicyAttachment document. Maryann "Yalcinalp, Umit" <umit.yalcinalp@sap.com> Sent by: public-ws-policy-request@w3.org 07/19/2006 08:57 PM To Christopher B Ferris/Waltham/IBM@IBMUS, "Sverdlov, Yakov" <Yakov.Sverdlov@ca.com> cc <public-ws-policy@w3.org>, <public-ws-policy-request@w3.org>, "Toufic Boubez" <tboubez@layer7tech.com> Subject RE: NEW ISSUE: HTTP/HTTPS conflict resolution between policy assertion and WSDL Hi Chris, I am not sure which "spec" you are referring to. If I am following this thread correctly, the intent here is to provide some guidelines to deal with this situation and if we decide to deal with it in a non-normative manner, I see this as a potential item to be included into the primer. I see no harm pointing out the pitfalls to users. Thanks, --umit From: public-ws-policy-request@w3.org [mailto:public-ws-policy-request@w3.org] On Behalf Of Christopher B Ferris Sent: Tuesday, Jul 18, 2006 7:56 AM To: Sverdlov, Yakov Cc: public-ws-policy@w3.org; public-ws-policy-request@w3.org; Toufic Boubez Subject: RE: NEW ISSUE: HTTP/HTTPS conflict resolution between policy assertion and WSDL I agree that this is out of scope. There are plenty of work-arounds for situations such as that cited (e.g. use HTTP redirect to the secure URI). IMO, this is a profiling issue, not something that the spec need be concerned with. Cheers, Christopher Ferris STSM, Software Group Standards Strategy email: chrisfer@us.ibm.com blog: http://www.ibm.com/developerworks/blogs/dw_blog.jspa?blog=440 phone: +1 508 377 9295 public-ws-policy-request@w3.org wrote on 07/18/2006 10:46:49 AM: > I agree that the policy assertion takes precedence. My understanding > is that the same ?canned? policy, which requires HTTPS, may > potentially be attached to different WSDLs at the management stage, > and if WSDL port for a particular WS uses HTTP, the policy will be > appropriately enforced at runtime i.e. rejecting the request. > > I think this is a legitimate conflict, and it has to do with the > policy management and enforcement which is out of scope. May be the > Attachment Primer should provide some guidance in regard to possible > policy attachment outcomes during the enforcement phase for two > categories ?conflict? and ?ambiguity?: > > 1. Conflict between the policy assertion and WSDL (not limited to > the transport) > 2. Ambiguity as described by Ashok for the MQ transport scenario, > which the Primer should recommend to avoid > > Regards, > Yakov Sverdlov > CA > > > > From: public-ws-policy-request@w3.org [mailto:public-ws-policy- > request@w3.org] On Behalf Of Toufic Boubez > Sent: Tuesday, July 18, 2006 10:27 AM > To: Toufic Boubez; public-ws-policy@w3.org > Subject: RE: NEW ISSUE: HTTP/HTTPS conflict resolution between > policy assertion and WSDL > > More information: > > Justification - This issue was raised by the WS-Policy interop in > April 2006 in Germany. > > Reference - http://www.w3.org/2006/07/13-ws-policy-minutes.html#action32 > > Toufic Boubez, Ph.D. > Chief Technology Officer > > LAYER 7 TECHNOLOGIES / Advancing the application network. > 604.681.9377 x310 (w) 604.288.7970 (m) > tboubez@layer7tech.com (e) www.layer7tech.com (w) > > > From: public-ws-policy-request@w3.org on behalf of Toufic Boubez > Sent: Mon 7/17/2006 10:02 PM > To: public-ws-policy@w3.org > Subject: NEW ISSUE: HTTP/HTTPS conflict resolution between policy > assertion and WSDL > Title - HTTP/HTTPS conflict resolution between policy assertion and WSDL > > Description - If the security policy assertion requires the use of > HTTPS transport level security and WSDL port address uses HTTP > scheme, what is the best practice guidance for requestors? > > Target - WS-Policy Attachment 1.5? Primer? > > Proposal - Not sure if I have an absolute proposal, but I'll get the > ball rolling: I propose that if there is a conflict, that since > presumably the policy authors are a better authority as to what > policies should exist for a service, whereas the WSDL might have > been automatically generated by a tool or a developer, the policy > assertion takes precedence. > > Toufic Boubez, Ph.D. > Chief Technology Officer > > LAYER 7 TECHNOLOGIES / Advancing the application network. > 604.681.9377 x310 (w) 604.288.7970 (m) > tboubez@layer7tech.com (e) www.layer7tech.com (w)
Received on Wednesday, 26 July 2006 09:11:36 UTC