Re: [dipal-discuss] FAQ: what are the basic Assertion functions,and how are they provided?

[Anne Anderson <Anne.Anderson@sun.com>]

Hi Umit,

The following are some examples of web services policies with no subject 
(or where subject identity is not relevant).  Some use subject 
attributes other than the subject's identity, whereas others do not 
depend on any characteristics of the subject at all.

1) A service interface that will respond to any requester; the policy 
specifies reliable messaging parameters; or a service interface that 
will respond to any requester so long as they supply a public key by 
which the response can be encrypted.

2) A service interface that will respond to anyone able to present an 
Attribute certificate associated with the IP address of the source 
saying the source is a "Gold" level subscriber.

3) A service that will respond to any requester so long as its own CPU 
is less than 50% utilized.

4) A service interface where access depends only on the requester's 
"role" Attribute, or only on the time of day and the subject's "age" 
Attribute.

Regards,
Anne

Yalcinalp, Umit wrote:
>  
> 
> 
>>-----Original Message-----
>>From: Anne Anderson [mailto:Anne.Anderson@sun.com] 
>>Sent: Monday, Dec 19, 2005 2:25 PM
>>To: Frank McCabe
>>Cc: dipal-discuss@lists.oasis-open.org
>>Subject: Re: [dipal-discuss] FAQ: what are the basic 
>>Assertion functions, and how are they provided?
>>
>>Hi Frank,
>>
>>These are good points.  I think they touch partly on expressivity
>>requirements for a policy Assertion language and partly on an
>>appropriate division of functionality between the Assertions and the
>>policy framework in which Assertions are used.
>>
>>For issuer information, I envision this expressed at the policy
>>framework level (or even the policy metatdata level - the policy
>>envelope), and not the Assertion level.  An entire policy, 
>>including all
>>its Assertions, would be issued by the one issuer identified at the
>>policy or policy metadata level.  Since we are discussing an Assertion
>>language to be used within some externally-specified policy framework
>>language, I did not include this functionality in the list of "basic
>>functions" for an Assertion itself.
>>
>>For subject information, there are at least three approaches.  1) The
>>identity of the subject is not always relevant for a web services
>>policy, so I don't think all policies will include a "subject".  
> 
> 
> Hi Anne, 
> 
> Could you elaborate on (1) a bit ? I am trying to imagine the situations
> how a policy subject may not be relevant. I can imagine that a policy
> may apply to several subjects #Subject >=1, but it is a bit hard for me
> to imagine situations where the subject is never relevant (i.e. #Subject
> = 0). I am not sure why a policy will exist if there is no policy
> subject.
> 
> Or did you mean that a policy subject is beyond WSDL component model
> attachment(if we were to take WS-Policy as an example...) ? 
> 
> Thanks, 
> 
> --umit

-- 
Anne H. Anderson               Anne.Anderson@sun.com
Sun Microsystems Labs          1-781-442-0928
Burlington, MA USA