- From: Sergey Beryozkin <sergey.beryozkin@iona.com>
- Date: Mon, 15 Oct 2007 11:12:23 +0100
- To: "Natale, Bob" <RNATALE@mitre.org>, "David Orchard" <dorchard@bea.com>, "Ashok Malhotra" <ashok.malhotra@oracle.com>
- Cc: <public-ws-policy@w3.org>
- Message-ID: <00c101c80f13$e13ac6e0$e002050a@pcgroupiona.com>
Hi Bob
I'm thinking that may be a single value for an attribute like this one would do. I'm fime with "mandated" for ex.
Furthermore I believe any enforcement is out of scope for the policy framework, as it's not the engine's responsibilty
to enforce any behaviors associated with given policy assertions. Given this, I feel an attribute like this is kind of extension to the core policy schema because whatever in the core schema defines has some meaning to the policy engine.
For example :
<Policy wspe:ordering="mandated" xmlns:wspe="www.w3.org/ms/ws-policy/extensions">
<A/>
<B/>
</Policy>
Basically, we're just using an extension attribute (thanks to the extensibilty available through the core schema) to convey the policy author's hint to the consumer entity which interacts with the policy engine. As far the policy engine is concerned, it does not know what wspe:ordering="mandated" means. On the other hand, the entity which understands this extension is given a hint that the ordering of behaviors is the same as the order of corresponding assertions.
I don't think though that a consumer which understands this extension needs to throw exceptions. It's too strict. For ex, policy unaware consumer can stil ltalk to the policy-aware provider, it's up to the provider to verify and enforce that the consumer has done things as expected...
So I'm kind of positive about an extension like this one. What bothers :-) me a bit though : is it really a last call issue given that it's out of scope for the framework ? Do you agree it's out of scope for the framework ?
Thanks, Sergey
----- Original Message -----
From: Natale, Bob
To: Sergey Beryozkin ; David Orchard ; Ashok Malhotra
Cc: public-ws-policy@w3.org
Sent: Friday, October 12, 2007 5:44 PM
Subject: RE: Ordering of Assertions: Comment on WS-Policy Primer LCWD
Hi Sergey,
As far as I can tell now, your suggested approach would satisfy my needs -- with one possible addition: Add "mandatory" (along with "recommended") as a possible value for "ordering"...the meaning being that the client must either observe the ordering or, if unable or unwilling to do so, reject the policy.
For the domain in which I work, being able to explicitly declare policymaker intent at the highest level in a clear and simple way is a prerequisite to broader and deeper implementation of policy-based management. Lower-level restrictions on how that policy might get implemented, as long as they are known up-front, can be accommodated.
Cheers,
BobN
----------------------------------------------------------------------------
From: Sergey Beryozkin [mailto:sergey.beryozkin@iona.com]
Sent: Friday, October 12, 2007 12:27 PM
To: Natale, Bob; David Orchard; Ashok Malhotra
Cc: public-ws-policy@w3.org
Subject: Re: Ordering of Assertions: Comment on WS-Policy Primer LCWD
Hi
As far as I understand, you believe that in those cases when it matters a solution at a framework level would be more efficient than a solution involving domain-specific policy assertions.
It might be more efficient indeed, as far as a generic hint is concerned. I'd say that it won't make more efficient with respect to what happens afterwards, with what runtime/engine actually does with this hint.
Nonetheless, if there were a push for a solution at the framework level in v.next then I'd suggest something like :
<wsp:Policy>
<wsp:All acme:ordering="recommended">
<B/>
<A/>
</wsp:All>
</wsp:Policy>
acme:ordering="recommended" can be placed on any WS-Policy language operator in which case the rule would be for it to propogate down to all <All> descendants at the normalization time.
This does not affect the intersection. acme:ordering="recommended" is just a hint, the consumer still has to verify it makes sense and is free to ignore this hint. For ex, a consumer dealing with RM and WS-Security may notice this hint or may not.
Say, when it encounters
<wsp:Policy acme:ordering="recommended">
<WS-Security/>
<WS-RM/>
</wsp:Policy>
then it can either reject this policy or ignore the hint and do WS-RM first and only then do WS-Security. What the consumer does is out of scope for the framework.
Using an attribute like acme:ordering (wsp:ordering) would be much less intrusive, much less complex and more neutral than introducing a general purpose ordering operator.
Cheers, Sergey
----- Original Message -----
From: "Natale, Bob" <RNATALE@mitre.org>
To: "David Orchard" <dorchard@bea.com>; <ashok.malhotra@oracle.com>
Cc: <public-ws-policy@w3.org>
Sent: Thursday, October 11, 2007 10:19 PM
Subject: RE: Ordering of Assertions: Comment on WS-Policy Primer LCWD
Ok, Dave, I'll bite...although I have to say that Ashok's original
existence proofs (recognition in the Policy Framework and realization
in SecurityPolicy) strike me as sufficient basis for having to prove
the counter-argument rather than the pro-argument. And, yes, I can
think of multiple ways to achieve the objective of policy ordering
without adding an operator-like feature to WS-Policy (e.g., multiple
domain-specific ordering constructs, presumed run-time engine
omniscience, etc.)...they just all seem less efficient and intuitive to
me.
So, for a very generic data processing context, I might want instances
of the following set of policies (sometimes in recursive
relationships):
- someCollectionPolicy
- someFilteringPolicy
- someAggregationPolicy
- someCorrelationPolicy
- someTaggingPolicy
- someSortingPolicy
- someClassificationPolicy
- someStoragePolicy
- someRetentionPolicy (which is also inherently someDeletionPolicy)
The order in which some of these policies are applied in some data
processing contexts could be significant, it would seem to me...?
Examples from the SCA Policy realm also come to mind. Actually, many
do, especially when considering dynamically constructed digital
run-time policies in response to changing real-world circumstances
(e.g., in the network management realm).
Cheers,
BobN
-----Original Message-----
From: public-ws-policy-request@w3.org
[mailto:public-ws-policy-request@w3.org] On Behalf Of David Orchard
Sent: Thursday, October 11, 2007 4:59 PM
To: ashok.malhotra@oracle.com
Cc: public-ws-policy@w3.org
Subject: RE: Ordering of Assertions: Comment on WS-Policy Primer LCWD
I asked my question first, and it's up to you to prove that work needs
to be done, not the other way around. That said, you don't seem to
have
any intention of answering my question as you've decided to respond to
my question with a question. I learned from "Rosencrantz and
Guildenstern are dead" not to play the question game.
Cheers,
Dave
> -----Original Message-----
> From: ashok malhotra [mailto:ashok.malhotra@oracle.com]
> Sent: Thursday, October 11, 2007 1:33 PM
> To: David Orchard
> Cc: public-ws-policy@w3.org
> Subject: Re: Ordering of Assertions: Comment on WS-Policy Primer LCWD
>
> David:
> Please answer the question. Is it your position that there
> are no Policies where the order in which the assertions
> within a Policy Alternative are applied is important?
>
> Ashok
>
> David Orchard wrote:
>
> >I think the onus is on you to prove something, rather than
> me to prove
> >nothing, especially if you want the WG to do something.
> >
> >I know you are arguing that some policies need ordering.
> I'm arguing
> >you need to show some policies that need ordering.
> >
> >Cheers,
> >Dave
> >
> >
> >
> >>-----Original Message-----
> >>From: ashok malhotra [mailto:ashok.malhotra@oracle.com]
> >>Sent: Thursday, October 11, 2007 3:28 AM
> >>To: David Orchard
> >>Cc: public-ws-policy@w3.org
> >>Subject: Re: Ordering of Assertions: Comment on WS-Policy
> Primer LCWD
> >>
> >>I'll make it still shorter:
> >>
> >>I'm arguing that SOME policies need ordering. The Policy Framework
> >>says so and the fact the there are ordering assertions in WS
> >>SecurityPolicy confirms this.
> >>
> >>Are you arguing that NO policies need ordering?
> >>
> >>Ashok
> >>
> >>David Orchard wrote:
> >>
> >>
> >>
> >>>I'll make my note even shorter.
> >>>
> >>>What situations are those?
> >>>
> >>>For the 2nd time, you have failed to specify a single
> situation that
> >>>requires a change to WS-Policy. You've described a problem that
> >>>already has a solution and quotes from other people but
> >>>
> >>>
> >>those are not
> >>
> >>
> >>>answers to my question.
> >>>
> >>>In the absence of any real-world problem, the obvious thing for
> >>>WS-Policy WG to do is to close with no action.
> >>>
> >>>Cheers,
> >>>Dave
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>>-----Original Message-----
> >>>>From: ashok malhotra [mailto:ashok.malhotra@oracle.com]
> >>>>Sent: Wednesday, October 10, 2007 1:59 PM
> >>>>To: David Orchard
> >>>>Cc: public-ws-policy@w3.org
> >>>>Subject: Re: Ordering of Assertions: Comment on WS-Policy
> >>>>
> >>>>
> >>Primer LCWD
> >>
> >>
> >>>>Hi Dave:
> >>>>I used the fact that WS-SecurityPolicy discusses order to
> >>>>
> >>>>
> >>motivate the
> >>
> >>
> >>>>need for order in at least some policies.
> >>>>I also quoted from the note from Tony Rogers.
> >>>>
> >>>>
> >>Subsequently, there was
> >>
> >>
> >>>>a note from Bob Natale who agrees that order is important
> >>>>
> >>>>
> >>but does not
> >>
> >>
> >>>>like the solution I suggested.
> >>>>
> >>>>What needs to be made clear is that order is not important in all
> >>>>policies, but there are situations where it is important
> >>>>
> >>>>
> >>and for these
> >>
> >>
> >>>>situations we need a solution.
> >>>>
> >>>>Ashok
> >>>>
> >>>>David Orchard wrote:
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>>-----Original Message-----
> >>>>>>From: public-ws-policy-request@w3.org
> >>>>>>[mailto:public-ws-policy-request@w3.org] On Behalf Of
> >>>>>>
> >>>>>>
> >>ashok malhotra
> >>
> >>
> >>>>>>Sent: Wednesday, October 10, 2007 9:56 AM
> >>>>>>To: public-ws-policy@w3.org
> >>>>>>Subject: Ordering of Assertions: Comment on WS-Policy
> Primer LCWD
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>><snip/>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>>In many cases the
> >>>>>>order in which assertions are processed may not matter, but
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>where it
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>>does matter do we need to specify a special assertion for
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>every pair
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>>of assertions that need to be ordered? Clearly, this is not
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>feasible
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>>as the Policy processing engine will need to be undated
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>whenever a new
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>>ordering assertion is added. So, what we need is a
> >>>>>>
> >>>>>>
> >>general-purpose
> >>
> >>
> >>>>>>ordering assertion.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>Your note jumps from assumption to conclusion to design
> with great
> >>>>>speed, indeed from assumption to conclusion within 3
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>sentences. Those
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>3 fleety sentences do not answer my previous emails central
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>question of
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>"when does order matter?". In case my question was
> >>>>>
> >>>>>
> >>missed, perhaps
> >>
> >>
> >>>>>because of burdensom length of my previous message, I'll ask
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>again more
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>succinctly:
> >>>>>
> >>>>>When does order matter?
> >>>>>
> >>>>>Until the use case is agreed by the WG, design discussions
> >>>>>
> >>>>>
> >>are very
> >>
> >>
> >>>>>premature IMHO.
> >>>>>
> >>>>>Cheers,
> >>>>>Dave
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>--
> >>>>All the best, Ashok
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>>
> >>--
> >>All the best, Ashok
> >>
> >>
> >>
>
>
> --
> All the best, Ashok
>
----------------------------
IONA Technologies PLC (registered in Ireland)
Registered Number: 171387
Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland
----------------------------
IONA Technologies PLC (registered in Ireland)
Registered Number: 171387
Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland
Received on Monday, 15 October 2007 10:13:19 UTC