potential issues for WS-Policy Primer and Guidelines from Ken Laskey on 2007-07-23 (public-ws-policy@w3.org from July 2007)

From: Ken Laskey <klaskey@mitre.org>
Date: Mon, 23 Jul 2007 13:37:03 -0400
To: public-ws-policy@w3.org
Message-Id: <B591EB4D-ECF9-48DC-AF40-6C1183A78285@mitre.org>
I recently did a full read of the WS-Policy specs and I believe I  
have a fairly good understanding of WS-Policy Framework and  
Attachment specs that are now at PR.  However, there appears to be a  
lot implied by those specs and I expected an expanded discussion in  
the Primer and Guidelines drafts, but these do not cover many of the  
gaps that jumped out at me.  In this email, I'd like to raise those  
points for discussion and, as appropriate, could later make concise  
entries in Bugzilla.

The following section summarizes what I feel is lacking and specific  
references illustrating my issues follow after that.

Summary
-------------
The issues could be classified as asking for a clear definition of  
scope and suggestions for how that scope would be accomplished.  It  
also argues for not having too restrictive a scope because this would  
hinder much of the capability needed by policy consumers and not just  
tool developers.

1. The expanded definition for policy [1] at times seems to cover an  
immense amount of the general description space but then the examples  
for use are mostly restricted to the tedious (but necessary for  
message level interoperability) details.  The discussion does not  
support the business use that is needed if services are to accomplish  
more than geek talk.  Even at the wire level, a big gap is how do  
consumers use WS-Policy to express their capabilities and  
requirements that will be used to determine policy intersection.  The  
consumers do not have WSDLs and may have no interest in UDDI.  They  
do, however, want to point to a policy that says you should not sell  
their contact information, i.e. what was carefully exchanged in a  
manner to initially ensure privacy will remain private.

2. The specs do not adequately address support for discovery.  If  
anything, they make discovery very difficult because policy  
attachment is all over the place and the roll up is to the levels of  
finer granularity rather than the service level where most people  
would expect to find it.  Information expressed as policies will  
likely form an important set of the search criteria when looking for  
services (more typically, looking for the business effects that  
result from the service interaction [2]) and there is no guidance  
(and seemingly no consideration) on how such information can be  
effectively used for discovery or any other function besides message  
level protocols.

[1] For example, [Primer, section 2.1] Web Services Policy is a  
machine-readable language for representing the capabilities and  
requirements of a Web service. These are called ‘policies’.  Also,  
consistent text in WS-Policy Framework states, "A policy assertion  
represents a requirement, capability, or other property of a behavior."

[2] Are the "business effects", i.e. what happens when you interact  
with a service, supposed to be expressed as part of "capabilities and  
requirements" covered by WS-Policy?  My initial read was yes, but am  
I reading too much into it?    Again, supporting consumer policies so  
you have something with which to intersect services policies seems to  
be important in the current context.


Specific references
--------------------------

[Primer, section 2.1] Web Services Policy is a machine-readable  
language for representing the capabilities and requirements of a Web  
service. These are called ‘policies’.  (Consistent text in WS-Policy  
Framework states, "A policy assertion represents a requirement,  
capability, or other property of a behavior.")
This is quite an expansion of the word “policy”.  It seems to now  
include all description that is not specifically covered by WSDL  
syntax.  Is this intended?
The Primer later talks to policy intersection but this would require  
policy representation for non-service entities, such as a consumer  
expressing a required privacy policy not to sell my contact  
information.  The Framework and Attachment mechanisms may suffice as  
currently defined, but how is this used for non-service entities?   
[Note, there are numerous other places where this comment applicable.]


[Primer, section 2.7] The wsp:Ignorable attribute allows providers to  
clearly indicate which policy assertions indicate behaviors that  
don’t manifest on the wire and may not be of concern to a requester  
when determining policy compatibility.  This is an example of the  
specs alluding to more general use and then getting lost in WS- 
Minutiae.  The policies likely to be of greatest consumer/business  
interest are the capabilities invoked by a service and the real world  
effects that result.  If WS-Policy is supposed to convey such  
information, the “user specs” (e.g. Primer and Guidelines) need to  
come at least equally from that viewpoint.


[Primer, section 3.3] It is important to understand that a policy is  
a useful piece of metadata in machine-readable form that enables  
tooling, yet is not required for a successful Web service  
interaction. Why? Web service developers could use the documentation,  
talk to the service providers, or look at message traces to infer  
these conditions for an interaction. Developers continue to have  
these options, as they always had.  Again, the overriding perspective  
in tooling and not the non-developer use that most consumers will  
need of policy.  Yes, if most users see this as WS-Minutiae, most  
policy/description will remain in other communications.

[Primer, section 3.4] A provider, like Company-X, and a requester,  
like the policy-aware client used in our example, may represent their  
capabilities and requirements for an interaction as policies...  The  
next section describes how to attach policies to service WSDLs but no  
where does it say where the requester policies go.  Note, saying you  
put them in a UDDI registry is great marketing for UDDI but otherwise  
unacceptable.  In addition, the Attachment spec addresses the  
“technical” rolling up of abstract (tModel) to concrete  
(bindingTemplate) but not the “business” question of how policies on  
businessEntity and businessService combine with Endpoint or each  
other to express business constraints.


[Primer, section 3.4.1] A requester can decide how to process a  
provider's policy to determine if and how the requester will interact  
with the provider. The requester can have its own policy that  
expresses its own capabilities and requirements, and can make one or  
more attempts at policy intersection in order to determine a  
compatible alternative and/or isolate the cause of an empty  
intersection result. The requester can use and analyze the result(s)  
of policy intersection to select a compatible alternative or trigger  
other domain-specific processing options.  This is actually very  
important for several reasons.
It highlights again the intent to have WS-Policy cover a wide range  
of description (e.g. what effects does the requester want), some  
boilerplate and some specific to the interaction.  Where are Primer  
suggestions for requester side of interaction?
Once this negotiation has been done, there is a need to save the  
result for (a) documenting how the interaction occurred, (b) avoiding  
a renegotiation every time the same requester tries to use the same  
service.


[Primer, section 3.5] If multiple policy expressions are attached to  
WSDL elements that collectively represent a policy subject then the  
effective policy of these policy expressions applies. The effective  
policy is the combination of the policy expressions that are attached  
to the same policy subject.  Here I have a fundamental hurt point.  I  
have no argument as described, e.g. if you attach a policy to an  
abstract component, then it should apply to its concrete instance.   
The problem is the roll up goes downward to the finer component  
rather than upward to the service itself.  Yes, the Framework spec  
[Introduction] says it “does not cover discovery of policy”, but how  
do I discover a service if the details of its description can be  
found anywhere in the lowest levels of its WSDL?  Again, the specs  
imply expansive coverage but only really consider the lowest level  
nuts and bolts that are of little interest to most users whose domain  
is policies.

7.  [Guidelines, section 2] A visible behavior refers to a  
requirement that manifests itself on the wire.  This is again much  
too limited to the technical perspective.  A visible behavior is one  
that the participants can see in the real world and will likely have  
nothing directly to do with the message on the wire.


My apologies for not being familiar with possible past discussions  
and I would certainly be willing to catch up if someone can point me  
to the appropriate material in the archives.

I look forward to hearing from the collected wisdom on these questions.

Thanks,

Ken

------------------------------------------------------------------------ 
------------------
Ken Laskey
MITRE Corporation, M/S H305     phone:  703-983-7934
7515 Colshire Drive                        fax:        703-983-1379
McLean VA 22102-7508
Received on Monday, 23 July 2007 17:34:42 UTC