- From: Asir Vedamuthu <asirveda@microsoft.com>
- Date: Tue, 1 May 2007 15:13:25 -0700
- To: "bob@freunds.com" <bob@freunds.com>, "public-ws-policy@w3.org" <public-ws-policy@w3.org>
Action-288 - Amend note in accordance with http://lists.w3.org/Archives/Public/public-ws-policy/2007Apr/0081.html Our proposed replacement for the last paragraph in Section 3.2 [1] is: Note: Depending on the semantics of the domain specific policy assertions a combination of the policy assertions can be required to specify a particular behavior. For example, a combination of two or three assertions from the WS-SecurityPolicy specification is used to indicate message-level security for protecting messages - that is, the sp:AsymmetricBinding assertion is used to indicate message-level security, the sp:SignedParts assertion is used to indicate the parts of a message to be protected and the sp:EncryptedParts assertion is used to indicate the parts of a message that require confidentiality. [1] http://www.w3.org/TR/2007/CR-ws-policy-20070330/#rPolicy_Alternative Regards, Asir S Vedamuthu Microsoft Corporation -----Original Message----- From: public-ws-policy-request@w3.org [mailto:public-ws-policy-request@w3.org] On Behalf Of Asir Vedamuthu Sent: Friday, April 20, 2007 7:31 PM To: bob@freunds.com; public-ws-policy@w3.org Subject: FW: [Bug 4479] Editorial, note is obscure or unclear >Depending on the semantics of the domain specific policy assertions a >combination of these policy assertions can be required to specify a >particular behavior The above note [1] was added in January '07 in response to issue 4236 [2]. Let's look at a concrete example. In WS-SecurityPolicy, a combination of 2 or 3 assertions may be needed to indicate a behavior. For instance, to represent message-level security for protecting messages, the sp:AsymmetricBinding assertion is used to indicate message-level security, the sp:SignedParts assertion is used to indicate the parts of a message to be protected and the sp:EncryptedParts assertion is used to indicate the parts of a message that require confidentiality [3]. In this example, the behavior is specified using a combination of policy assertions. >It is unclear to this reader if the assertion set alone is sufficient >to specify a domain specific behavior Yes, they are sufficient. Your first impression is right! Do you think some prose and examples that illustrate the above note in the Guidelines document would help assertion authors? [1] http://www.w3.org/TR/2007/CR-ws-policy-20070330/#rPolicy_Alternative [2] http://www.w3.org/Bugs/Public/show_bug.cgi?id=4236 [3] http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-cd-02.html#_Toc161826608 Regards, Asir S Vedamuthu Microsoft Corporation -----Original Message----- From: public-ws-policy-qa-request@w3.org [mailto:public-ws-policy-qa-request@w3.org] On Behalf Of bugzilla@wiggum.w3.org Sent: Thursday, April 19, 2007 12:08 PM To: public-ws-policy-qa@w3.org Subject: [Bug 4479] Editorial, note is obscure or unclear http://www.w3.org/Bugs/Public/show_bug.cgi?id=4479 Summary: Editorial, note is obscure or unclear Product: WS-Policy Version: CR Platform: PC OS/Version: Windows XP Status: NEW Severity: normal Priority: P2 Component: Framework AssignedTo: fsasaki@w3.org ReportedBy: bob@freunds.com QAContact: public-ws-policy-qa@w3.org In WS-Policy 1.5 Framework Section 3.2 it is written: "Note: Depending on the semantics of the domain specific policy assertions a combination of the policy assertions can be required to specify a particular behavior." It is unclear to this reader if the assertion set alone is sufficient to specify a domain specific behavior or if the compatible assertions produced as the result of the default intersection algorithm are what is meant in the context of this note. If this note is intended to mean that assertions alone suffice, then it seems that policy authors have the freedom to define arbitrary policy vocabularies and arbitrary policy alternative vocabularies so long as they have defined the domain specific behavior for all acceptible combinations within that domain of such assertions independant of any other rules which may be described within this document. I think that this note needs qualification or clarification.
Received on Tuesday, 1 May 2007 22:14:50 UTC