NEW ISSUE: Which WS-SecurityPolicy version should be used as a reference?

Title: Which WS-SecurityPolicy version should be used as a reference?

Description: The following WS-Policy documents use references to
WS-SecurityPolicy 1.0. [1]. 

-- Framework
-- Attachment
-- Primer
-- Guidelines

Note: There was not a component to target all the documents, hence
Framework+Attachment+Guidelines was used to post this bug. Primer is
included
in this issue as well. 

The posted interop scenerios document to the wg [3] refer to the
WS-SecurityPolicy 1.2 [2]. If the intent of the interop scenerios is to
test
the policy framework, the dependency is unfortunately broken. 

There are differences between the versions of WS-SecurityPolicy. For
example,
sp:HttpsToken is now a nested assertion instead of a parametric
assertion using
attributes for requiring client certificate. This difference is used in
testing
empty nested assertions in the interop scenerios. Thus affects the way
that the
tests are perceived and used without requiring domain specific
processing. 

Justification: The version of the Security policy used in the interop
scenerios
should reflect the version in the document and vice versa. They must
match.
Thus, updating the documents with the latest version of the security
policy
would eliminate confusion from the readers understanding and the use of
the
security policy. Otherwise, what is really tested does not reflect the
documents being reviewed. 

Proposal: Update all the versions of the documents to the latest version
of
WS-SecurityPolicy to reflect the reality of what is tested. 

Note: This is [Bug4318] 


[1]
http://www.oasis-open.org/committees/download.php/15979/oasis-wssx-ws-se
curitypolicy-1.0.pdf

[2]
http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/21401/ws
-securitypolicy-1.2-spec-cd-01.pdf

[3]
http://lists.w3.org/Archives/Public/public-ws-policy/2007Feb/0008.html

[Bug4318] http://www.w3.org/Bugs/Public/show_bug.cgi?id=4318

----------------------

Dr. Umit Yalcinalp
Research Scientist
SAP Labs, LLC
Email: umit.yalcinalp@sap.com Tel: (650) 320-3095 
SDN: https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/u/36238
--------
"Nearly all men can stand adversity, but if you want to test a man's
character, give him power." Abraham Lincoln. 

Received on Monday, 12 February 2007 21:50:48 UTC