Issue 4951 -- Reformulation

Here is a reformulation of issue 4951 based on discussion on morning's 
telcon.  Thanks to Paul Cotton for contributing to this.

The issue has to do with ordering between assertions.  The spec says 
that users can write special assertions that control the ordering 
between assertions.  Examples are the "sign before encrypt" and "encrypt 
before signing" assertions in WS-Security Policy.  But the interesting 
issues come up when ordering is desired between assertions from 
different domains, for example adding RM headers and encrypting the 
headers.  In such cases, which namespace does the ordering assertion go?

The other response to this issue is that the semantics of each assertion 
includes the ordering information.  I think this is  problematic.

Consider a universe of assertions U  that includes assertions A1, A2, 
... An.  Assume  further that  the semantics of each assertion Am 
indicates its ordering wrt all other assertions in U ... or at least the 
assertions where ordering matters.  Now, we add another assertion X into 
the universe U.  Not only do we need to specify the order of X wrt all 
the assertions in U, we have to change the semantics of all the existing 
assertions in U to specify the order wrt X.  This seems to be a problem 
to me.
All the best, Ashok

Received on Wednesday, 12 September 2007 18:56:58 UTC