- From: Maryann Hondo <mhondo@us.ibm.com>
- Date: Tue, 10 Apr 2007 15:09:58 -0400
- To: public-ws-policy@w3.org
- Message-ID: <OF64651CAC.E212DC3E-ON872572B9.00655751-852572B9.0068EE4F@us.ibm.com>
This action item was to formulate a proposal against the Guidelines
document, but there may be a need to
change other documents as well. In our effort to propose changes to the
Guidelines, we (Monica, Ashok, Dale and Maryann) had a fairly detailed
discussion and we now put forward a set of topics that we identified might
be of interest for discussion by the WG.
In ongoing discussions (prompted by WS-Addrssing issues), questions have
arisen about Framework
definitions; we should be detailed and clear on these.
1. What is a policy vocabulary?
2. What is the role of a policy vocabulary in intersection?
3. What is a policy alternative vocabulary?
4. What is the role of a policy alternative vocabulary in intersection?
Asir's note seems to indicate that every Policy Alternative has its own
policy vocabulary [1]. Yet, Section 3.2 Framework uses "Policy
Vocabulary" (note singular) which implies a single vocabulary for
the entire policy. Also, if each alternative has its own vocabulary
then the sentence - "When an assertion whose type is part of the
policy's vocabulary is not included in a policy alternative, the
policy alternative without the assertion type indicates that the
assertion will not be applied in the context of the attached policy
subject" - has little or no meaning because there could conceivably
never be a policy assertion that is not in the policy vocabulary.
And, further questions apply.
5. What is a nested policy alternative vocabulary?
6. What is the role of a nested policy alternative vocabulary in
intersection?
There seems to be general agreement that nested policy assertions are
part of the policy vocabulary. If so, this needs to be spelled out
carefully and explicitly.
In line with these core definitions and these open questions, three
ideas do not currently cohere smoothly in the WS-Policy Framework.
Within our work group and in other domains defining policy assertions,
different assumptions appear to be applied and used. Examples include
note from Asir Vedamuthu, efforts in WS-Addressing, and within WS-Policy
WG. They are:
1. Policy assertion authors should be allowed to specify that a set
of policy assertions are mutually exclusive.
2. Policy assertion authors should be allowed to use an empty policy
alternative to indicate "neutrality" on a set of policy assertions.
3. An absent policy assertion (from the relevant vocabulary) is
equivalent to the presence of the negation of that assertion. (a
"closed world" assumption).[2]
When any two of these are applied, it could lead to inconsistency or
conflict with the other. We've seen, for example:
* Use of 1 and 2 conflicts with 3.
* Use of 2 and 3 conflicts with 1.
This crops up for WS-Addressing with their wsam:Addressing, and various
response types. This issue, not limited to WS-Addressing. could lead to
the development of self-conflicting policies. As has been indicated,
conformance may also apply - see WS-Addressing case where its core
functionality actually sets the baseline. More on this comes later as an
additional discussion related to this issue, specific to the
WS-Addressing case. [3]
Using an example for 3-way mutual exclusion only, let's conceptualize the
challenge that exists.
Mutually exclusive policy assertions A, B, and C are constrained so that:
A <--> -(B or C)
...
B <--> -(A or C)
...
C <--> -(A or B)
...
Suppose that policy assertion E has a nested policy domain defined with
mutually exclusive policy assertions A, B, and C. Then the vocabulary of a
nested
alternative is {A, B, C}.
An empty alternative will then, by the absent assertion implies negation
principle, imply:
-A and -B and -C
Consider that, for example, -(B or C) is equivalent to (-B and -C),
which implies A. But we already have -A, and therefore a contradiction.
As a result, we have the following options to avoid this inconsistency:
Option 1: Policy assertion authors may not be allowed to constrain
policy assertions to be mutually exclusive.
Note: This is an unacceptable limitation in general, looking at
WS-Addressing and others as possible examples.
Option 2: Policy assertion authors must not be allowed to use an
empty alternative to indicate neutrality.
Note: This is an unexpected limitation that seems like it should be
avoided. This would necessitate that authors define define assertions
that consist of mutally exculive alternatives and in any given policy
instance enforce that one must be specified(default).
Option 3: The absence of an assertion is illegal or means it is
negated.
Note: The consensus of our group was that "absence means negation"
convention should be abandoned.
[Relates to CWA - see 2] Need to explore to see if this could affect
wsp:Optional and may
require that policy assertions are explicitly stated. Doing away with
this assumption may result in the least change needed. This would
necessitate that
authors define what empty means if empty is allowed. Eliminating this
assumption implies
that authors define that any policy instance must consist either of
mutually
exclusive alternatives or an empty alternative and they explain the
semantics of the empty
assertion.
Another example shows this as well, where a policy exists with the
following policy assertions (not assertion parameters - pseudo code):
Policy A
<wsp:Policy>
<wsp:ExactlyOne>
<xx:Assertion A>
<wsp:Policy>[first match]
<wsp:ExactlyOne>
<
xx:Assertion B>
<xx:Assertion C>
</wsp:ExactlyOne>
</wsp:Policy>
<xx:Assertion E>
<wsp:Policy>[first match]
<wsp:ExactlyOne>
<xx:Assertion B>
<xx:Assertion C>
<wsp:ExactlyOne>
</wsp:Policy>
</wsp:ExactlyOne>
</wsp:Policy>
intersected with a policy like this:
Policy B
<wsp:Policy>
<xx:Assertion A>
<wsp:Policy>[first match]
<xx:Assertion B>
</wsp:Policy>
</wsp:Policy>
The processing of nested policy assertions occurs in 'depth first' order
whereby:
* Assertion B would match in each descent of the policy alternatives.
* However the AssertionB under AssertionE would be rejected because
the higher level QNames did not match.
The primary impact occurs with the CWA. An advantage of removing CWA is
that the Policy Vocabulary idea can be replaced by the definition of
processing rules of the
(immediate) policy assertion scope of a nested policy assertion in
explaining intersection. Policy vocabulary was mainly needed to explain
how to apply CWA consistently (so that the range of the underlying
assertion domain scope was defined). Policy scoping now allows empty to be
neutral, in that
the framework matches on the high level Qname, but says nothing about a
match for nested assertions
that do not match. It also might necessitate changes to the assumptions
WS-Addressing found.
Note: This email provides some basis for a proof for change. A next
step may be to address the intersection algorithm and its scope.
=========
[1] Action 271 response:
http://lists.w3.org/Archives/Public/public-ws-policy/2007Apr/0017.html
[2] CWA = Closed World Assumption
http://en.wikipedia.org/wiki/Closed_world_assumption
http://moonbase.wwc.edu/~aabyan/Logic/CWA.html
[3] To resolve a key question from the WS-Addressing group that
underlies many questions we pose the question:
Can authors represent mutually exclusive behavior and use empty to
indicate 'both/all' behaviors?
One answer might be:
When an assertion whose semantic when empty, is to indicate neutrality to
the "both/all" behavior
is scoped to an endpoint level (in which multiple exchanges of messages
are covered) it may still result in
failures since it is unclear from that policy which behavior applies to
any given message. To ensure the correct characterization of all message
exchange patterns, the authors ( like WS-Addressing) may need to define an
additional set of assertions which when scoped to a message level could
indicate the exact set of patterns that the endpoint supports. In addition
the client would need to reverse its own requirements and match on the
characteristics that it desires in a service not on its own capabilities.
(note to Monica, Ashok, Dale....hope I captured it all correctly in this
last round)
Received on Tuesday, 10 April 2007 19:08:09 UTC