RE: Policy alternatives, negation, [Non]AnonResponse assertion and the none URI from Ashok Malhotra on 2007-04-23 (public-ws-policy@w3.org from April 2007)

From: Ashok Malhotra <ashok.malhotra@oracle.com>
Date: Mon, 23 Apr 2007 12:44:24 -0700
To: "Anish Karmarkar" <Anish.Karmarkar@oracle.com>
CC: "public-ws-addressing@w3.org" <public-ws-addressing@w3.org>, "ws policy" <public-ws-policy@w3.org>
Message-ID: <20070423124424630.00000004468@amalhotr-pc>
Anish, see inline

All the best, Ashok

> -----Original Message-----
> From: public-ws-addressing-request@w3.org [mailto:public-ws-addressing-
> request@w3.org] On Behalf Of Anish Karmarkar
> Sent: Monday, April 23, 2007 12:13 PM
> To: Ashok Malhotra
> Cc: public-ws-addressing@w3.org; ws policy
> Subject: Re: Policy alternatives, negation, [Non]AnonResponse assertion
> and the none URI
> 
> 
> Ashok,
> 
> So you are saying (I'm rephrasing to get clarity) that:
> "... does not apply .." => one MUST NOT do whatever the missing
> assertion asked one to do.
> Right?
[AM] Correct.  
> If so, the spec needs to be clarified to make it clear. This was not
> clear to a lot of folks on WS-Addressing.
[AM] I agree.
> 
> Additionally, does this negation effect apply to only top-level
> assertions or nested assertions as well. IOW, are nested assertions part
> of the vocabulary.
[AM] Affects nested assertions also.  
> 
> One not obvious (not to me) side-effect of this 'negation' is the
> following:
> 
> Consider the scenario where two very complicated polices are created by
> the IT department. Let's call them P1 and P2. I'm required to use P1 or
> P2 on services that are exposed outside the firewall. P1 contains an
> assertion A that is absent in P2. If I advertise P1 only then I have to
> do whatever A asks me to do. If I advertise P2 only, I may or may not
> use A (as it is not part of the vocabulary) -- it is up to me. If I
> advertise a policy that says either of P1 or P2 and P2 is selected, I
> cannot use A. This is very surprising (at least to me). This does not
> follow the 'principle of least surprise'. "OR"ing operation in other
> contexts does not introduce negation based on vocabulary set. I'm
> curious as to the rationale for this. In any case, guidance and
> clarification in the spec or the primer would be very useful.
> 
> -Anish
> --
> 
> Ashok Malhotra wrote:
> > If you have a Policy that says Assertion A and B then you have to do A
> and B.  Since it says nothing about C, you may or may not do C.
> >
> > However, if A,B and C are all in the Policy Vocabulary (the assertions
> contained in the Policy) and you select an alternative from the Policy
> that contains only A and B, you may not do C.  Thus, it is a form of
> negation.
> >
> > All the best, Ashok
> >
> >> -----Original Message-----
> >> From: Anish Karmarkar [mailto:Anish.Karmarkar@oracle.com]
> >> Sent: Monday, April 16, 2007 2:41 PM
> >> To: Ashok Malhotra
> >> Cc: public-ws-addressing@w3.org; ws policy
> >> Subject: Re: Policy alternatives, negation, [Non]AnonResponse assertion
> >> and the none URI
> >>
> >> Ashok,
> >>
> >> We discussed this at the ws-addr call today and are waiting to get
> >> clarification from ws-policy WG on the phrase "... assertion will not
> be
> >> applied ...," as to its meaning. It is not clear, to at least some
> >> (many?) member of ws-addr wg, what it means.
> >>
> >> We decided to postpone a resolution on this (and related issue) till we
> >> get some direction/resolution from ws-policy wg.
> >>
> >> -Anish
> >> --
> >>
> >> Ashok Malhotra wrote:
> >>> Here is the relevant text from the Policy Framework document:
> >>>
> >>> [Definition: A policy vocabulary is the set of all policy assertion
> >> types used in a policy.] ... When an assertion whose type is part of
> the
> >> policy's vocabulary is not included in a policy alternative, the policy
> >> alternative without the assertion type indicates that the assertion
> will
> >> not be applied in the context of the attached policy subject.
> >>> All the best, Ashok
> >>>> -----Original Message-----
> >>>> From: public-ws-addressing-request@w3.org [mailto:public-ws-
> addressing-
> >>>> request@w3.org] On Behalf Of Anish Karmarkar
> >>>> Sent: Monday, April 16, 2007 9:56 AM
> >>>> To: public-ws-addressing@w3.org
> >>>> Subject: Policy alternatives, negation, [Non]AnonResponse assertion
> and
> >>>> the none URI
> >>>>
> >>>>
> >>>> There is view among the WS-Policy wonks (not sure how widely accepted
> >>>> this is or whether the WS-Policy specs explicitly calls this out)
> that
> >>>> when there are alternatives present and the selected alternative does
> >>>> not contain an assertion X but another alternative does, then the
> >> effect
> >>>>   of such a selection consists of negation of X.
> >>>>
> >>>> We have two assertions AnonResponse and NonAnonResponse assertions.
> >> Both
> >>>> of them require that the 'none' URI be allowed for the response EPR.
> >>>> Does that mean that negation of any of these implies 'none' must not
> be
> >>>> used?
> >>>>
> >>>> If so, that is a problem, none is useful for things like one-way
> >>>> operations that don't use the response EPR for that MEP.
> >>>>
> >>>> Additionally, if one has two alternatives one with AnonResponse only
> >> and
> >>>> one with NonAnonResponse only, then that would be self-contradictory.
> >>>>
> >>>> -Anish
> >>>> --
> >>>>
> >>>>
> >
> >
>
Received on Monday, 23 April 2007 19:46:01 UTC