- From: Yalcinalp, Umit <umit.yalcinalp@sap.com>
- Date: Mon, 12 Feb 2007 13:52:44 -0800
- To: <public-ws-policy@w3.org>
- Message-ID: <2BA6015847F82645A9BB31C7F9D641650362AE93@uspale20.pal.sap.corp>
Title: Which WS-SecurityPolicy version should be used as a reference? Description: The following WS-Policy documents use references to WS-SecurityPolicy 1.0. [1]. -- Framework -- Attachment -- Primer -- Guidelines Note: There was not a component to target all the documents, hence Framework+Attachment+Guidelines was used to post this bug. Primer is included in this issue as well. The posted interop scenerios document to the wg [3] refer to the WS-SecurityPolicy 1.2 [2]. If the intent of the interop scenerios is to test the policy framework, the dependency is unfortunately broken. There are differences between the versions of WS-SecurityPolicy. For example, sp:HttpsToken is now a nested assertion instead of a parametric assertion using attributes for requiring client certificate. This difference is used in testing empty nested assertions in the interop scenerios. Thus affects the way that the tests are perceived and used without requiring domain specific processing. Justification: The version of the Security policy used in the interop scenerios should reflect the version in the document and vice versa. They must match. Thus, updating the documents with the latest version of the security policy would eliminate confusion from the readers understanding and the use of the security policy. Otherwise, what is really tested does not reflect the documents being reviewed. Proposal: Update all the versions of the documents to the latest version of WS-SecurityPolicy to reflect the reality of what is tested. Note: This is [Bug4318] [1] http://www.oasis-open.org/committees/download.php/15979/oasis-wssx-ws-se curitypolicy-1.0.pdf [2] http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/21401/ws -securitypolicy-1.2-spec-cd-01.pdf [3] http://lists.w3.org/Archives/Public/public-ws-policy/2007Feb/0008.html [Bug4318] http://www.w3.org/Bugs/Public/show_bug.cgi?id=4318 ---------------------- Dr. Umit Yalcinalp Research Scientist SAP Labs, LLC Email: umit.yalcinalp@sap.com Tel: (650) 320-3095 SDN: https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/u/36238 -------- "Nearly all men can stand adversity, but if you want to test a man's character, give him power." Abraham Lincoln.
Received on Monday, 12 February 2007 21:50:48 UTC