- From: Fabian Ritzmann <Fabian.Ritzmann@Sun.COM>
- Date: Tue, 19 Sep 2006 18:08:04 +0300
- To: public-ws-policy@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=3753 Title Example 1-1 is not a complete security policy Description Example 1-1 shows a simple policy with two security policy assertions in lines 03 and 04. According to WS-SecurityPolicy 1.2, section 7.1, these security policy assertions must be encapsulated by a policy that is nested inside an AlgorithmSuite assertion. The enclosing AlgorithmSuite assertions as well as suitable top-level assertions containing the AlgorithmSuite assertions are missing from example 1-1. The examples in the following chapters build on this first example. Despite extensive research we did not find a policy that is sufficiently simple, can serve as a basis for the other examples, and still is a valid policy. We should still point out that the example given is an incomplete policy that only serves to illustrate how a policy could look like. Justification An example of a policy that claims to display a security policy but in fact violates the constraints of WS-SecurityPolicy causes unnecessary confusion among readers of both specifications. Target Web Services Policy Framework, section 1.2, example 1-1 Proposal Replace "The following example illustrates a security policy expression using assertions defined in WS-SecurityPolicy [WS-SecurityPolicy]:" by "The following example illustrates a security policy expression using assertions defined in WS-SecurityPolicy [WS-SecurityPolicy] rather than a complete security policy:"
Received on Tuesday, 19 September 2006 15:08:07 UTC