ACTION-48 update

In summary, we propose a resolution for ACTION-48 (related to
http://www.w3.org/Bugs/Public/show_bug.cgi?id=3705): 
============================================================================================= 

Title: Clarify what an interaction represents in a Web services based 
system and provide guidance that assertion authors must define the 
interaction scope of an assertion 
  
Description: Section 3.4 in the WS-Policy Framework spec currently 
contains the following text [1]: 
  
Applied in the Web services based system, policy is used to convey 
conditions on an interaction between entities (requester application, 
provider service, Web infrastructure component, etc). Any entity in a Web 
services based system may expose a policy to convey conditions under which 
it functions. Satisfying assertions in the policy usually results in 
behavior that reflects these conditions. For example, if two entities - 
requester and provider - expose their policies, a requester might use the 
policy of the provider to decide whether or not to use the service. A 
requester may choose any alternative since each is a valid configuration 
for interaction with the service, but a requester MUST choose only a 
single alternative for an interaction with a service since each represents 
an alternative configuration. 
  
This text does not clearly define what an “interaction between entities” 
in a Web services based system is. 
 -------------- 

Also, policy assertion authors need to define the scope of the 
interactions that an assertion applies to, including the policy subjects 
to which the assertion may be attached and the messages within the 
interaction scope.   This guidance should be in the Guidance for Policy 
Assertion Authors doc. 

Description: Section 2.1.1 in the Policy Assertions Guidelines document 
contains the following text: 

WS-Policy Domain authors must also specify how to associate the assertions 
they have defined with the policy subjects identified by the WS-Policy 
attachment specification. An example of this is also provided by the 
WS-Security Policy specification in Appendix A. 

Justification: 
  
It is not clear from the current text that an interaction between entities 
involves one or more messages between two entities.   
  
We need to make sure that we provide guidance to policy assertion authors 
on how to clearly define their assertions.   
  
Proposal: 
  
New text for the first paragraph in section 3.4 of the WS-Policy spec: 

3.4 Policies of Entities in a Web Services Based System 
Applied to a Web services based system, policy is used to convey 
conditions on the interaction between two Web service endpoints. An
interaction involves one or more message exchanges between two
entities (requester application, provider service, Web infrastructure
component, etc). It is the responsibility of assertion authors to define
the interaction scope of an assertion including any constraints on the 
policy subjects to which the assertion may be attached and a clear 
specification of the message(s) within that interaction scope to which the 
assertion applies. 

Any entity in a Web services based system may expose a policy to convey 
conditions under which it functions. Satisfying assertions in the policy 
usually results in behavior that reflects these conditions. For example, 
if two entities - requester and provider - expose their policies, a 
requester might use the policy of the provider to decide whether or not to 
use the service. A requester may choose any alternative since each is a 
valid configuration for interaction with the service, but a requester MUST 
choose only a single alternative for an interaction with a service since 
each represents an alternative configuration. 

New text for the Guidelines Document:
An important part of defining assertions is documenting the interaction 
scope of the assertions. There are several attachment mechanisms defined 
in the WS-PolicyAttachment specification and assertion authors are
responsible for defining assertions and their policy subjects. An example
of how this might be accomplished can be seen in the WS-Security Policy 
specification Appendix A.  In this section the WS-SecurityPolicy authors 
have classified the assertions according to their suggested scope. 

Received on Tuesday, 10 October 2006 22:57:22 UTC